Filtered by vendor Sap
Subscriptions
Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0943 | 1 Sap | 1 Sap Db | 2025-04-03 | N/A |
| web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm). | ||||
| CVE-2003-1034 | 1 Sap | 1 Sap Db | 2025-04-03 | N/A |
| The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | ||||
| CVE-2006-4133 | 1 Sap | 1 Internet Graphics Server | 2025-04-03 | N/A |
| Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. | ||||
| CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2025-04-03 | N/A |
| SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | ||||
| CVE-2003-0942 | 1 Sap | 1 Sap Db | 2025-04-03 | N/A |
| Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa. | ||||
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2025-04-03 | N/A |
| WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | ||||
| CVE-2003-0938 | 1 Sap | 1 Sap Db | 2025-04-03 | N/A |
| vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure. | ||||
| CVE-2003-1038 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | N/A |
| The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | ||||
| CVE-2002-1579 | 1 Sap | 1 Sapgui | 2025-04-03 | N/A |
| SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | ||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2025-04-03 | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | ||||
| CVE-2005-4815 | 1 Sap | 1 Sap R 3 | 2025-04-03 | N/A |
| SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln." | ||||
| CVE-2005-3636 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | ||||
| CVE-2003-0749 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. | ||||
| CVE-2005-3635 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | ||||
| CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | N/A |
| HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | ||||
| CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2025-04-03 | N/A |
| Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | ||||
| CVE-2003-0747 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | N/A |
| wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message. | ||||
| CVE-2023-0025 | 1 Sap | 1 Solution Manager | 2025-03-21 | 6.5 Medium |
| SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. | ||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2025-03-21 | 5.4 Medium |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | ||||
| CVE-2023-24521 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2025-03-21 | 6.1 Medium |
| Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. | ||||