Filtered by vendor Sap
Subscriptions
Total
1502 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2025-04-12 | N/A |
| SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-7986 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | ||||
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | ||||
| CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | ||||
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | ||||
| CVE-2015-8030 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | ||||
| CVE-2016-3979 | 1 Sap | 1 Java As | 2025-04-12 | N/A |
| Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | ||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | ||||
| CVE-2015-8840 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 8.8 High |
| The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | ||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2025-04-12 | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||||
| CVE-2016-6140 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | ||||
| CVE-2015-4157 | 1 Sap | 1 Content Server | 2025-04-12 | N/A |
| SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | ||||
| CVE-2015-4092 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | ||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-2278 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | N/A |
| The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | ||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | ||||
| CVE-2016-3640 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. | ||||
| CVE-2012-4341 | 1 Sap | 1 Netweaver Abap | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. | ||||