Skip to main content

SAP

1669 CVEs vendor

Monthly

CVE-2015-1311 CRITICAL Act Now

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Hana Extended Application Services
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2015-1310 HIGH This Week

SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-1309 MEDIUM This Month

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Abap
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9595 MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Sap Kernel
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-9594 MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Sap Kernel
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-9569 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client For Html
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9387 CRITICAL Act Now

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Businessobjects
NVD
CVSS 2.0
10.0
EPSS
5.8%
CVE-2014-9264 HIGH This Week

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow Sql Anywhere
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2013-3678 CRITICAL Act Now

Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Governance Risk And Compliance
NVD
CVSS 2.0
9.0
EPSS
2.0%
CVE-2014-8669 CRITICAL Act Now

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Customer Relationship Management
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2014-8668 HIGH This Week

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Contract Accounting
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8667 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana Web Based Development Workbench
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8666 MEDIUM This Month

The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8665 MEDIUM This Month

The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8664 HIGH This Week

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Environment Health And Safety
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8663 HIGH This Week

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver Business Warehouse
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-8662 HIGH This Week

Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Payroll Process
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-8661 CRITICAL Act Now

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Customer Relationship Management Internet Sales
NVD
CVSS 2.0
10.0
EPSS
4.5%
CVE-2014-8660 HIGH This Week

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE SAP Code Injection Document Management Services
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2014-8659 MEDIUM This Month

Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Environment Health And Safety
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-0995 MEDIUM POC THREAT This Month

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
32.6%
CVE-2014-8592 MEDIUM This Month

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-8591 MEDIUM POC This Month

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8590 MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java Netweaver Java Application Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-8589 MEDIUM This Month

Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8588 HIGH This Week

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Hana
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8587 HIGH This Week

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Commoncryptolib Sapcryptolib Sapseculib +2
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6283 MEDIUM POC This Month

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Buffer Overflow Adaptive Server Enterprise
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-8316 MEDIUM POC This Month

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SAP Businessobjects Explorer
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-8315 MEDIUM This Month

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Explorer
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8314 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8313 MEDIUM This Month

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Code Injection Hana
NVD
CVSS 2.0
6.0
EPSS
0.8%
CVE-2014-8312 LOW Monitor

Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver Abap
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-8311 LOW Monitor

SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Businessobjects
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-8310 HIGH This Week

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Businessobjects
NVD
CVSS 2.0
7.1
EPSS
2.5%
CVE-2014-8309 MEDIUM This Month

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Businessobjects Xi
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8308 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Businessobjects
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6252 MEDIUM This Month

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Netweaver
NVD
CVSS 2.0
6.5
EPSS
2.2%
CVE-2014-5506 MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-5505 MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
6.5%
CVE-2014-5176 MEDIUM This Month

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Fi Manager Self Service
NVD
CVSS 2.0
6.0
EPSS
1.6%
CVE-2014-5175 HIGH This Week

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-5174 LOW Monitor

The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation SAP Netweaver Business Warehouse
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-5173 MEDIUM This Month

SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Hana Extended Application Services
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-5172 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5171 LOW Monitor

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and. Rated low severity (CVSS 2.9). No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 2.0
2.9
EPSS
0.4%
CVE-2014-4161 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Supplier Relationship Management
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4160 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4159 MEDIUM POC This Month

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect SAP Supplier Relationship Management
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4012 MEDIUM This Month

SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Open Hub Service
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4011 MEDIUM This Month

SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Capacity Leveling
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4010 MEDIUM This Month

SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Transaction Data Pool
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4009 MEDIUM This Month

SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Computing Center Management System Monitoring
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4008 MEDIUM This Month

SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Web Services Tool
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4007 MEDIUM This Month

The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Upgrade Tools
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4006 MEDIUM This Month

The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Oil Industry Solution Traders And Schedulers Workbench
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4005 MEDIUM This Month

SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Brazil
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4004 MEDIUM This Month

The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Project System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4003 HIGH This Week

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-3787 MEDIUM This Month

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3134 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Businessobjects
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3133 MEDIUM This Month

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Java Netweaver Java Application Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3132 MEDIUM This Month

SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Background Processing
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3131 MEDIUM This Month

SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Profile Maintenance
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3130 MEDIUM This Month

The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver Abap Application Server
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3129 MEDIUM This Month

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Netweaver Software Lifecycle Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0984 MEDIUM POC This Month

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Router
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
9.0%
CVE-2014-2752 HIGH This Week

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Object Processing Framework For Abap
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2751 HIGH This Week

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Print And Output Management
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2749 MEDIUM This Month

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2748 HIGH This Week

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enhancement Package
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7367 HIGH This Week

SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enterprise Portal
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7366 MEDIUM This Month

The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Software Deployment Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-7365 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Enterprise Portal
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7364 HIGH This Week

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7363 HIGH This Week

Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Solution Manager
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7362 HIGH This Week

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Ccms Agent
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-7361 MEDIUM This Month

Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Cm Services Cms Services
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7360 HIGH This Week

Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adminadapter
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7359 MEDIUM This Month

Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Mobile Infrastructure
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7358 MEDIUM This Month

Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Guided Procedures Archive Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7357 MEDIUM This Month

Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP J2Ee Engine
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7356 MEDIUM This Month

Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Oracle Ccms Database Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7355 HIGH This Week

SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Bi Universal Data Integration
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1965 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1964 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS Netweaver Netweaver Exchange Infrastructure Bc Xi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1963 MEDIUM This Month

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1962 MEDIUM This Month

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE SAP Customer Relationship Management
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1961 MEDIUM This Month

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1960 MEDIUM This Month

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver Netweaver Solution Manager
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 2% CVSS 10.0
CRITICAL Act Now

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Abap
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client For Html
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Businessobjects
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Governance Risk And Compliance
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Contract Accounting
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana Web Based Development Workbench
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Environment Health And Safety
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver Business Warehouse
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Payroll Process
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Environment Health And Safety
NVD
EPSS 33% CVSS 5.0
MEDIUM POC THREAT This Month

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Denial Of Service SAP Netweaver
NVD Exploit-DB
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Netweaver
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Network Interface Router
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Hana
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Commoncryptolib +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SAP Businessobjects Explorer
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Explorer
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 1% CVSS 3.5
LOW Monitor

Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver Abap
NVD
EPSS 0% CVSS 3.5
LOW Monitor

SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Businessobjects
NVD
EPSS 3% CVSS 7.1
HIGH This Week

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Businessobjects
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Businessobjects
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
EPSS 7% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 2% CVSS 6.0
MEDIUM This Month

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Fi Manager Self Service
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation SAP Netweaver Business Warehouse
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Hana Extended Application Services
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
EPSS 0% CVSS 2.9
LOW Monitor

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and. Rated low severity (CVSS 2.9). No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Supplier Relationship Management
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect SAP Supplier Relationship Management
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Open Hub Service
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Capacity Leveling
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Transaction Data Pool
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Computing Center Management System Monitoring
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Web Services Tool
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Upgrade Tools
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Oil Industry Solution Traders And Schedulers Workbench
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Brazil
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Project System
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Businessobjects
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Java +1
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Background Processing
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Profile Maintenance
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver Abap Application Server
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Java +1
NVD VulDB
EPSS 9% CVSS 4.3
MEDIUM POC This Month

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Router
NVD Exploit-DB VulDB
EPSS 1% CVSS 7.5
HIGH This Week

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Object Processing Framework For Abap
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Print And Output Management
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enhancement Package
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enterprise Portal
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Enterprise Portal
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Solution Manager
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Cm Services +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adminadapter
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Mobile Infrastructure
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Guided Procedures Archive Monitor
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP J2Ee Engine
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Oracle +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Bi Universal Data Integration
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE SAP +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver +1
NVD
Prev Page 18 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy