Filtered by vendor Sap
Subscriptions
Total
1555 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8662 | 1 Sap | 1 Payroll Process | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | ||||
| CVE-2016-6150 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | ||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2025-04-12 | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | ||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | ||||
| CVE-2016-3975 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. | ||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||||
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 9.1 Critical |
| XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | ||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2025-04-12 | N/A |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | ||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2025-04-12 | N/A |
| Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | ||||
| CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | ||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-6145 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2015-7726 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | ||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | ||||