Vulnerabilities (CVE)

Vendor filter

Sap Subscribe

Filter

139 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-2420 1 Sap 1 Internet Graphics Server 2019-10-09 7.5
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
CVE-2018-2408 1 Sap 1 Businessobjects 2019-10-09 7.5
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
CVE-2018-2404 1 Sap 1 Disclosure Management 2019-10-09 7.5
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVE-2017-6950 1 Sap 1 Gui For Windows 2019-10-03 7.5
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
CVE-2017-15293 1 Sap 1 Point Of Sale Xpress Server 2019-10-03 10.0
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
CVE-2017-8914 1 Sap 1 Hana Xs 2019-10-03 7.5
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
CVE-2017-15295 1 Sap 1 Point Of Sale Xpress Server 2019-10-03 10.0
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
CVE-2019-0365 1 Sap 5 Sap Kernel, Sap Kernel Krnl32nuc, Sap Kernel Krnl32uc and 2 more 2019-09-11 7.8
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows...
CVE-2019-0344 1 Sap 1 Commerce Cloud 2019-08-26 7.5
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
CVE-2019-0328 1 Sap 1 Netweaver Process Integration 2019-07-18 9.0
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability...
CVE-2019-0304 1 Sap 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more 2019-06-14 7.5
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21,...
CVE-2019-0261 1 Sap 1 Landscape Management 2019-02-26 7.5
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP...
CVE-2019-0259 1 Sap 1 Businessobjects 2019-02-20 7.5
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
CVE-2017-9845 1 Sap 1 Netweaver 2018-12-10 7.8
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
CVE-2017-9844 1 Sap 1 Netweaver 2018-12-10 7.5
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
CVE-2017-11459 1 Sap 1 Trex 2018-12-10 7.5
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
CVE-2016-6818 1 Sap 1 Business Intelligence Platform 2018-12-10 10.0
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly...
CVE-2016-4018 1 Sap 1 Hana 2018-12-10 7.5
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via...
CVE-2016-4014 1 Sap 1 Netweaver 2018-12-10 9.0
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
CVE-2016-3974 1 Sap 1 Netweaver 2018-12-10 7.5
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to...