| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-3061 | 6.5 |
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transactio
|
26-09-2023 - 20:09 | 01-05-2013 - 12:00 | |
| CVE-2012-4341 | 10.0 |
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parame
|
06-10-2022 - 15:20 | 15-08-2012 - 21:55 | |
| CVE-2011-5154 | 6.9 |
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a direc
|
15-01-2021 - 13:29 | 06-09-2012 - 10:41 | |
| CVE-2013-5723 | 7.5 |
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
|
10-12-2018 - 19:29 | 12-09-2013 - 13:31 | |
| CVE-2014-8590 | 4.3 |
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. <a href="http://cwe.mitre.org/data/definitions/611.html" targe
|
10-12-2018 - 19:29 | 04-11-2014 - 15:55 | |
| CVE-2014-8660 | 7.2 |
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
|
10-12-2018 - 19:29 | 06-11-2014 - 15:55 | |
| CVE-2014-8588 | 7.5 |
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
10-12-2018 - 19:29 | 04-11-2014 - 15:55 | |
| CVE-2010-3032 | 10.0 |
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a cr
|
10-10-2018 - 20:00 | 17-08-2010 - 20:00 | |
| CVE-2010-2347 | 4.9 |
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.
|
10-10-2018 - 19:59 | 21-06-2010 - 19:30 | |
| CVE-2010-2590 | 9.3 |
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion pr
|
10-10-2018 - 19:59 | 22-12-2010 - 03:00 | |
| CVE-2010-0219 | 10.0 |
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
|
10-10-2018 - 19:51 | 18-10-2010 - 17:00 | |
| CVE-2009-2932 | 4.3 |
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
|
10-10-2018 - 19:42 | 21-08-2009 - 20:30 | |
| CVE-2013-3678 | 9.0 |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
|
09-10-2018 - 19:34 | 19-11-2014 - 02:59 | |
| CVE-2012-2612 | 5.0 |
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
29-12-2017 - 02:29 | 15-05-2012 - 04:21 | |
| CVE-2012-2514 | 5.0 |
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
06-12-2017 - 02:29 | 15-05-2012 - 04:21 | |
| CVE-2014-2748 | 7.5 |
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
29-08-2017 - 01:34 | 10-04-2014 - 20:55 | |
| CVE-2014-2749 | 5.0 |
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
|
29-08-2017 - 01:34 | 10-04-2014 - 20:55 | |
| CVE-2012-1289 | 4.0 |
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (c
|
29-08-2017 - 01:31 | 23-02-2012 - 20:07 | |
| CVE-2012-2511 | 5.0 |
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
29-08-2017 - 01:31 | 15-05-2012 - 04:21 | |
| CVE-2012-2513 | 5.0 |
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
29-08-2017 - 01:31 | 15-05-2012 - 04:21 | |
| CVE-2012-2512 | 5.0 |
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
29-08-2017 - 01:31 | 15-05-2012 - 04:21 | |
| CVE-2010-4556 | 9.3 |
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.
|
17-08-2017 - 01:33 | 17-12-2010 - 19:00 | |
| CVE-2010-2904 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2)
|
17-08-2017 - 01:32 | 28-07-2010 - 21:30 | |
| CVE-2007-4475 | 9.3 |
Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
|
29-07-2017 - 01:32 | 01-04-2009 - 18:30 | |
| CVE-2013-7365 | 4.3 |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
31-12-2016 - 02:59 | 10-04-2014 - 20:55 | |
| CVE-2013-7367 | 7.5 |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
|
11-04-2014 - 18:19 | 10-04-2014 - 20:55 | |
| CVE-2013-7366 | 5.0 |
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.
|
11-04-2014 - 18:13 | 10-04-2014 - 20:55 | |
| CVE-2013-7364 | 7.5 |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
|
11-04-2014 - 17:16 | 10-04-2014 - 20:55 | |
| CVE-2013-7363 | 7.5 |
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protoc
|
11-04-2014 - 17:09 | 10-04-2014 - 20:55 | |
| CVE-2013-7362 | 7.5 |
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
|
11-04-2014 - 17:03 | 10-04-2014 - 20:55 | |
| CVE-2013-3062 | 6.5 |
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
|
07-03-2014 - 13:39 | 01-05-2013 - 12:00 | |
| CVE-2013-6245 | 10.0 |
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
25-11-2013 - 04:36 | 24-10-2013 - 00:55 | |
| CVE-2013-3063 | 6.0 |
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
|
19-11-2013 - 04:48 | 01-05-2013 - 12:00 | |
| CVE-2013-6244 | 5.0 |
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in
|
31-10-2013 - 03:36 | 24-10-2013 - 00:55 | |
| CVE-2013-6284 | 7.5 |
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection
|
28-10-2013 - 15:03 | 26-10-2013 - 16:55 | |
| CVE-2013-3244 | 6.0 |
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
|
25-10-2013 - 15:18 | 24-10-2013 - 00:55 | |
| CVE-2012-2611 | 9.3 |
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to exec
|
19-08-2012 - 03:44 | 15-05-2012 - 04:21 | |
| CVE-2012-1292 | 5.0 |
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
|
27-02-2012 - 05:00 | 23-02-2012 - 20:07 | |
| CVE-2012-1290 | 4.3 |
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
|
24-02-2012 - 05:00 | 23-02-2012 - 20:07 | |
| CVE-2012-1291 | 5.0 |
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerSer
|
24-02-2012 - 05:00 | 23-02-2012 - 20:07 | |
| CVE-2009-4603 | 5.0 |
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console s
|
13-01-2010 - 13:33 | 12-01-2010 - 17:30 |