Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2017-07-12 CVE-2017-9845 Resource Exhaustion vulnerability in SAP NetWeaver 7.40
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
network
low complexity
sap CWE-400
7.8
2017-07-12 CVE-2017-9844 Deserialization of Untrusted Data vulnerability in SAP NetWeaver 7400.12.21.30308
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
network
low complexity
sap CWE-502
7.5
2017-07-12 CVE-2017-9843 Unspecified vulnerability in SAP NetWeaver ABAP 7.40
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
network
low complexity
sap
2.7
2017-06-15 CVE-2017-9613 Cross-site Scripting vulnerability in SAP SuccessFactors
Stored cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
network
sap CWE-79
3.5
2017-05-26 CVE-2016-6256 XXE vulnerability in SAP Business One 1.2.3
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.
network
sap CWE-611
6.8
2017-05-23 CVE-2017-8915 Reachable Assertion vulnerability in SAP HANA XS 1.00/2.00
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
network
low complexity
sap CWE-617
5.0
2017-05-23 CVE-2017-8914 Multiple Security vulnerabilities in SAP HANA
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
network
low complexity
sap
7.5
2017-05-23 CVE-2017-8913 XXE vulnerability in SAP NetWeaver 7.5
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
network
low complexity
sap CWE-611
6.5
2017-05-10 CVE-2017-8852 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SAPCAR 721.510
SAP SAPCAR 721.510 has a heap-based buffer overflow vulnerability.
network
sap CWE-119
6.8
2017-04-14 CVE-2017-7717 SQL Injection vulnerability in SAP NetWeaver 7.40
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
network
low complexity
sap CWE-89
6.5