Filtered by vendor Sap
Subscriptions
Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7992 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | ||||
| CVE-2015-7991 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. | ||||
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | ||||
| CVE-2015-7828 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. | ||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | ||||
| CVE-2015-7728 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | ||||
| CVE-2015-7727 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | ||||
| CVE-2015-7726 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | ||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | ||||
| CVE-2015-6663 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | ||||
| CVE-2015-6664 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227. | ||||
| CVE-2015-5068 | 1 Sap | 1 Mobile Platform | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | ||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||
| CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | ||||
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | ||||
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | ||||
| CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | ||||
| CVE-2015-3995 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | ||||