Filtered by vendor Sap
Subscriptions
Total
1583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | N/A |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | ||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2025-04-12 | N/A |
| The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | ||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | ||||
| CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | ||||
| CVE-2016-6138 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||
| CVE-2015-7992 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | ||||
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 9.1 Critical |
| XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | ||||
| CVE-2015-7986 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | ||||
| CVE-2015-7994 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | ||||
| CVE-2015-7726 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | ||||
| CVE-2015-6664 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227. | ||||
| CVE-2015-6663 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | ||||
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | ||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | ||||
| CVE-2015-5068 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | ||||
| CVE-2016-4015 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | ||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||
| CVE-2015-7991 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. | ||||
| CVE-2015-4157 | 1 Sap | 1 Content Server | 2025-04-12 | N/A |
| SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | ||||
| CVE-2016-6139 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||