Skip to main content

SAP

1669 CVEs vendor

Monthly

CVE-2013-7096 HIGH This Week

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Emr Unwired
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-7095 CRITICAL Act Now

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Customer Relationship Management
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2013-7094 HIGH This Week

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7093 MEDIUM This Month

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-0426 HIGH This Week

Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition SAP Suse Linux Enterprise For Sap Applications
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-6869 HIGH This Week

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-6868 HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2013-6867 HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2013-6866 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
1.9%
CVE-2013-6865 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
2.3%
CVE-2013-6864 MEDIUM This Month

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2013-6863 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-6862 HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-6861 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-6860 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-6859 HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Authentication Bypass Adaptive Server Enterprise
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-6823 MEDIUM This Month

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6822 CRITICAL Act Now

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-6821 MEDIUM This Month

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-6819 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6820 CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE Netweaver Development Infrastructure
NVD
CVSS 2.0
9.3
EPSS
3.8%
CVE-2013-6818 MEDIUM This Month

SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Privilege Escalation Microsoft Netweaver Logviewer
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6817 MEDIUM This Month

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service SAP RCE Network Interface Router
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-6816 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6815 MEDIUM This Month

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6814 MEDIUM This Month

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-3243 MEDIUM POC This Month

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SAP RCE Opentext Ixos Ecm For Sap Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6284 HIGH This Week

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Erp Central Component
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-6245 CRITICAL Act Now

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Adaptive Server Enterprise
NVD
CVSS 2.0
10.0
EPSS
8.9%
CVE-2013-6244 MEDIUM This Month

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-3244 MEDIUM This Month

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection SAP RCE Erp Central Component
NVD
CVSS 2.0
6.0
EPSS
1.1%
CVE-2013-6025 MEDIUM POC This Month

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XXE SAP RCE Adaptive Server Enterprise
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
8.5%
CVE-2013-5751 MEDIUM This Month

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-5723 HIGH This Week

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-3319 MEDIUM POC THREAT This Month

The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
11.7%
CVE-2013-3063 MEDIUM This Month

SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Basis Communication Services
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-3062 MEDIUM This Month

The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Production Planning And Control
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-3061 MEDIUM This Month

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Erp Central Component Healthcare Industry Solution
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-4341 CRITICAL Act Now

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3% and no vendor patch available.

Buffer Overflow Denial Of Service SAP RCE Netweaver Abap
NVD
CVSS 2.0
10.0
EPSS
17.3%
CVE-2012-2612 MEDIUM POC THREAT This Month

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
36.1%
CVE-2012-2611 CRITICAL POC THREAT Emergency

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 77.7%.

SAP RCE Netweaver
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
77.7%
Threat
5.7
CVE-2012-2514 MEDIUM POC THREAT This Month

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
36.1%
CVE-2012-2513 MEDIUM POC THREAT This Month

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.6%.

Buffer Overflow Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
26.6%
CVE-2012-2512 MEDIUM POC THREAT This Month

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
36.1%
CVE-2012-2511 MEDIUM POC THREAT This Month

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Buffer Overflow Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.6%
CVE-2012-1292 MEDIUM This Month

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-1291 MEDIUM This Month

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-1290 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1289 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
4.0
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Emr Unwired
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Customer Relationship Management
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Network Interface Router
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition SAP +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
EPSS 0% CVSS 7.8
HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal SAP Adaptive Server Enterprise
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Adaptive Server Enterprise
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
EPSS 1% CVSS 8.5
HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Authentication Bypass Adaptive Server Enterprise
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
EPSS 4% CVSS 9.3
CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Privilege Escalation Microsoft +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service SAP +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE SAP +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SAP RCE Opentext Ixos Ecm For Sap Netweaver
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Erp Central Component
NVD
EPSS 9% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Adaptive Server Enterprise
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection SAP RCE +1
NVD
EPSS 8% CVSS 4.0
MEDIUM POC This Month

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XXE SAP +2
NVD Exploit-DB
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
EPSS 12% CVSS 5.0
MEDIUM POC THREAT This Month

The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Information Disclosure SAP Netweaver
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Basis Communication Services
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Production Planning And Control
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Erp Central Component +1
NVD
EPSS 17% CVSS 10.0
CRITICAL Act Now

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3% and no vendor patch available.

Buffer Overflow Denial Of Service SAP +2
NVD
EPSS 36% CVSS 5.0
MEDIUM POC THREAT This Month

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP +1
NVD Exploit-DB
EPSS 78% 5.7 CVSS 9.3
CRITICAL POC THREAT Emergency

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 77.7%.

SAP RCE Netweaver
NVD Exploit-DB
EPSS 36% CVSS 5.0
MEDIUM POC THREAT This Month

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP +1
NVD Exploit-DB
EPSS 27% CVSS 5.0
MEDIUM POC THREAT This Month

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.6%.

Buffer Overflow Denial Of Service SAP +1
NVD Exploit-DB
EPSS 36% CVSS 5.0
MEDIUM POC THREAT This Month

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%.

Buffer Overflow Denial Of Service SAP +1
NVD Exploit-DB
EPSS 26% CVSS 5.0
MEDIUM POC THREAT This Month

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Buffer Overflow Denial Of Service SAP +1
NVD Exploit-DB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SAP Netweaver
NVD
Prev Page 19 of 19

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy