| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. |
| Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. |
| SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. |
| The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. |
| SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. |
| Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. |
| XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. |
