Filtered by vendor Sap
Subscriptions
Total
1674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
| CVE-2016-6147 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | ||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2025-04-12 | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | ||||
| CVE-2014-5505 | 1 Sap | 1 Crystal Reports | 2025-04-12 | N/A |
| Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | ||||
| CVE-2015-2812 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | ||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | ||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | N/A |
| SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | ||||
| CVE-2014-5172 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | ||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2025-04-12 | N/A |
| SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2025-04-12 | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | ||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | ||||
| CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2025-04-12 | N/A |
| SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2025-04-12 | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||||
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||