Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-16 | CVE-2016-2387 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | 4.3 |
| 2016-02-16 | CVE-2016-2386 | SQL Injection vulnerability in SAP Netweaver 7.40 SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | 7.5 |
| 2016-01-20 | CVE-2016-1929 | Improper Input Validation vulnerability in SAP Hana The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | 8.5 |
| 2016-01-20 | CVE-2016-1928 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. | 7.5 |
| 2016-01-15 | CVE-2016-1911 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | 4.3 |
| 2016-01-15 | CVE-2016-1910 | Information Exposure vulnerability in SAP Netweaver 7.40 The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | 5.0 |
| 2016-01-08 | CVE-2015-8753 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5 SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | 9.4 |
| 2015-12-17 | CVE-2015-8600 | Permissions, Privileges, and Access Controls vulnerability in SAP Mobile Platform The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | 7.5 |
| 2015-11-24 | CVE-2015-8330 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Plant Connectivity The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | 7.8 |
| 2015-11-24 | CVE-2015-8329 | Cryptographic Issues vulnerability in SAP Manufacturing Integration and Intelligence 12.2/14.0/15.0 SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274. | 5.0 |