Filtered by vendor Sap
Subscriptions
Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1928 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. | ||||
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | ||||
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | N/A |
| XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | ||||
| CVE-2015-4092 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | ||||
| CVE-2015-8600 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | ||||
| CVE-2016-6140 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | ||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | ||||
| CVE-2016-6144 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | ||||
| CVE-2015-8330 | 1 Sap | 1 Plant Connectivity | 2025-04-12 | N/A |
| The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | ||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | ||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | ||||
| CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | ||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2025-04-12 | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||
| CVE-2014-3130 | 1 Sap | 1 Netweaver Abap Application Server | 2025-04-12 | N/A |
| The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | ||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | ||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | ||||
| CVE-2013-7358 | 1 Sap | 1 Guided Procedures Archive Monitor | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | ||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | ||||
| CVE-2016-6857 | 1 Sap | 1 Hybris | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | ||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2025-04-12 | N/A |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | ||||