Filtered by vendor Sap
Subscriptions
Total
1641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8871 | 1 Sap | 1 Hybris | 2025-04-20 | N/A |
| Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | ||||
| CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2025-04-20 | N/A |
| SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | ||||
| CVE-2017-16687 | 1 Sap | 1 Hana Database | 2025-04-20 | N/A |
| The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid. | ||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | ||||
| CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2025-04-20 | N/A |
| Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | ||||
| CVE-2017-16679 | 1 Sap | 1 Sap Kernel | 2025-04-20 | N/A |
| URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | ||||
| CVE-2017-16678 | 1 Sap | 4 Epbc, Epbc2, Kmc-bc and 1 more | 2025-04-20 | N/A |
| Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | ||||
| CVE-2016-6818 | 1 Sap | 1 Business Intelligence Platform | 2025-04-20 | N/A |
| SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633. | ||||
| CVE-2017-15295 | 1 Sap | 1 Point Of Sale Xpress Server | 2025-04-20 | N/A |
| Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. | ||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | N/A |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | ||||
| CVE-2017-5372 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | ||||
| CVE-2016-10311 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | ||||
| CVE-2017-14581 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 7.5 High |
| The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | ||||
| CVE-2017-11460 | 1 Sap | 1 Netweaver Portal | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | ||||
| CVE-2017-11459 | 1 Sap | 1 Trex | 2025-04-20 | N/A |
| SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | ||||
| CVE-2017-15297 | 1 Sap | 1 Host Agent | 2025-04-20 | N/A |
| SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. | ||||
| CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | ||||
| CVE-2017-15293 | 1 Sap | 1 Point Of Sale Xpress Server | 2025-04-20 | N/A |
| Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064. | ||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2025-04-20 | N/A |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | ||||
| CVE-2016-6143 | 1 Sap | 1 Hana | 2025-04-20 | N/A |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | ||||