Filtered by vendor Sap
Subscriptions
Total
1555 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-4556 | 1 Sap | 1 Netweaver Business Client | 2025-04-11 | N/A |
| Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | ||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | ||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | ||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-1961 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2025-04-11 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-6822 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | ||||
| CVE-2010-3981 | 1 Sap | 1 Businessobjects | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | ||||
| CVE-2010-3032 | 1 Sap | 1 Crystal Reports | 2025-04-11 | N/A |
| Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | ||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | ||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | ||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6818 | 1 Sap | 1 Netweaver Logviewer | 2025-04-11 | N/A |
| SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2010-2103 | 3 3com, Apache, Sap | 3 Intelligent Management Center, Axis2, Business Objects | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | ||||