Filtered by vendor Sap
Subscriptions
Total
1641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6817 | 1 Sap | 1 Network Interface Router | 2025-04-11 | N/A |
| Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. | ||||
| CVE-2013-7095 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | N/A |
| The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | ||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-2611 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | ||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | ||||
| CVE-2024-25644 | 1 Sap | 1 Netweaver | 2025-04-10 | 5.3 Medium |
| Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | ||||
| CVE-2023-0013 | 1 Sap | 1 Netweaver Application Server Abap | 2025-04-09 | 6.1 Medium |
| The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2025-04-09 | 6.4 Medium |
| In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | ||||
| CVE-2023-0014 | 1 Sap | 4 Netweaver Application Server Abap, Netweaver Application Server Abap Kernel, Netweaver Application Server Abap Krnl64nuc and 1 more | 2025-04-09 | 9 Critical |
| SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. | ||||
| CVE-2023-0015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2025-04-09 | 4.6 Medium |
| In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2023-0016 | 1 Sap | 1 Business Planning And Consolidation | 2025-04-09 | 9.9 Critical |
| SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database. | ||||
| CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2025-04-09 | 9.4 Critical |
| An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | ||||
| CVE-2023-0018 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-04-09 | 10 Critical |
| Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker. | ||||
| CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-04-09 | 9.9 Critical |
| SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2023-0023 | 1 Sap | 1 Bank Account Management | 2025-04-09 | 4.5 Medium |
| In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application. | ||||
| CVE-2007-3608 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | ||||
| CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3346 | 1 Sap | 1 Crystal Reports Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||