Skip to main content
CVE-2015-5067 HIGH This Week

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-5068 HIGH This Week

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-4208 HIGH This Week

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Webex Meeting Center
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-4211 HIGH This Week

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Microsoft Anyconnect Secure Mobility Client
NVD
CVSS 2.0
7.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy