Search Results (1699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7358 1 Sap 1 Guided Procedures Archive Monitor 2025-04-12 N/A
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
CVE-2013-7355 1 Sap 1 Bi Universal Data Integration 2025-04-12 N/A
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
CVE-2013-7361 1 Sap 2 Cm Services, Cms Services 2025-04-12 N/A
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2015-6662 1 Sap 1 Netweaver 2025-04-12 N/A
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
CVE-2016-3973 1 Sap 1 Netweaver Application Server Java 2025-04-12 5.3 Medium
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CVE-2015-8028 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 N/A
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVE-2015-3449 1 Sap 1 Afaria 2025-04-12 N/A
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
CVE-2014-3133 1 Sap 1 Netweaver Java Application Server 2025-04-12 N/A
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
CVE-2015-4157 1 Sap 1 Content Server 2025-04-12 N/A
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.
CVE-2015-2278 1 Sap 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more 2025-04-12 N/A
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
CVE-2014-5506 1 Sap 1 Crystal Reports 2025-04-12 N/A
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
CVE-2014-3132 1 Sap 1 Background Processing 2025-04-12 N/A
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
CVE-2016-3635 1 Sap 1 Netweaver 2025-04-12 N/A
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
CVE-2014-8311 1 Sap 1 Businessobjects 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2015-2076 1 Sap 1 Businessobjects Edge 2025-04-12 N/A
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
CVE-2014-5175 1 Sap 1 Solution Manager 2025-04-12 N/A
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
CVE-2014-5176 1 Sap 1 Fi Manager Self-service 2025-04-12 N/A
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-8660 1 Sap 1 Document Management Services 2025-04-12 N/A
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
CVE-2015-2075 1 Sap 1 Businessobjects Edge 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
CVE-2015-2107 2 Hp, Sap 2 Operations Manager I Management Pack, Netweaver 2025-04-12 N/A
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.