Search Results (1699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3678 1 Sap 1 Governance Risk And Compliance 2025-04-12 N/A
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
CVE-2016-4016 1 Sap 1 Java As 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
CVE-2016-7437 1 Sap 1 Netweaver 2025-04-12 N/A
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVE-2015-4157 1 Sap 1 Content Server 2025-04-12 N/A
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.
CVE-2016-3974 1 Sap 1 Netweaver Application Server Java 2025-04-12 9.1 Critical
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
CVE-2016-6856 1 Sap 1 Hybris 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.
CVE-2016-6857 1 Sap 1 Hybris 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
CVE-2016-6150 1 Sap 1 Hana 2025-04-12 N/A
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
CVE-2016-6147 1 Sap 1 Trex 2025-04-12 N/A
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
CVE-2014-0984 1 Sap 1 Router 2025-04-12 N/A
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
CVE-2016-6146 1 Sap 1 Trex 2025-04-12 N/A
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.
CVE-2016-6139 1 Sap 1 Trex 2025-04-12 N/A
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVE-2016-6140 1 Sap 1 Trex 2025-04-12 N/A
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.
CVE-2016-6142 1 Sap 1 Hana 2025-04-12 N/A
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
CVE-2014-4160 1 Sap 1 Netweaver Business Client 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
CVE-2015-8029 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2016-6138 1 Sap 1 Trex 2025-04-12 N/A
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVE-2016-5847 1 Sap 1 Sapcar Archive Tool 2025-04-12 N/A
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
CVE-2016-5845 1 Sap 1 Sapcar 2025-04-12 5.5 Medium
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
CVE-2014-2752 1 Sap 1 Business Object Processing Framework For Abap 2025-04-12 N/A
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.