Filtered by vendor Sap
Subscriptions
Total
1555 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-2749 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | ||||
| CVE-2016-6138 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2025-04-12 | N/A |
| The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | ||||
| CVE-2016-3685 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2025-04-12 | N/A |
| SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. | ||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | N/A |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | ||||
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | ||||
| CVE-2016-3980 | 1 Sap | 1 Application Server Java | 2025-04-12 | N/A |
| The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | ||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | ||||
| CVE-2014-0984 | 1 Sap | 1 Router | 2025-04-12 | N/A |
| The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | ||||
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | N/A |
| SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
| CVE-2016-4015 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | ||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | ||||
| CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2025-04-12 | N/A |
| Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | ||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||