Filtered by vendor Sap
Subscriptions
Total
1669 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | N/A |
| SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2025-04-12 | N/A |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | ||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | ||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2025-04-12 | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
| CVE-2013-7358 | 1 Sap | 1 Guided Procedures Archive Monitor | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | ||||
| CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2025-04-12 | N/A |
| Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | ||||
| CVE-2016-9562 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 7.5 High |
| SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. | ||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | ||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | ||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2025-04-12 | N/A |
| Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | ||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | ||||
| CVE-2015-2072 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | ||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2025-04-12 | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||