Filtered by vendor Sap
Subscriptions
Total
1586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8913 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 8.8 High |
| The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | ||||
| CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | ||||
| CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2025-04-20 | N/A |
| Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | ||||
| CVE-2017-7696 | 1 Sap | 1 Sso Authentication Library | 2025-04-20 | N/A |
| SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | ||||
| CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | N/A |
| Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | ||||
| CVE-2017-5997 | 1 Sap | 1 Sap Kernel | 2025-04-20 | N/A |
| The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. | ||||
| CVE-2017-16683 | 1 Sap | 1 Businessobjects | 2025-04-20 | N/A |
| Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | ||||
| CVE-2017-7717 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 8.8 High |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | ||||
| CVE-2017-7691 | 1 Sap | 1 Trex | 2025-04-20 | N/A |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | ||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2025-04-20 | N/A |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | ||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | N/A |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | ||||
| CVE-2016-10310 | 1 Sap | 1 Sql Anywhere | 2025-04-20 | N/A |
| Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778. | ||||
| CVE-2017-8852 | 1 Sap | 1 Sapcar | 2025-04-20 | N/A |
| SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. | ||||
| CVE-2017-15294 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | N/A |
| The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. | ||||
| CVE-2016-10311 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | ||||
| CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2025-04-20 | N/A |
| Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | ||||
| CVE-2017-15297 | 1 Sap | 1 Host Agent | 2025-04-20 | N/A |
| SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. | ||||
| CVE-2015-7241 | 1 Sap | 1 Netweaver | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||||
| CVE-2017-16684 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2025-04-20 | N/A |
| SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | ||||
| CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2025-04-20 | N/A |
| SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | ||||