Filtered by vendor Sap
Subscriptions
Total
1641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | ||||
| CVE-2015-4092 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | ||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | ||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | ||||
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | ||||
| CVE-2014-9569 | 1 Sap | 1 Netweaver Business Client For Html | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | ||||
| CVE-2015-3995 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | ||||
| CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | ||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2025-04-12 | N/A |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | ||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | ||||
| CVE-2015-2820 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | ||||
| CVE-2015-2819 | 1 Sap | 1 Sql Anywhere | 2025-04-12 | N/A |
| SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | ||||
| CVE-2015-2818 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | ||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | ||||
| CVE-2015-2278 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | N/A |
| The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | ||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | ||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | ||||
| CVE-2015-2811 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | ||||