Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-15 | CVE-2017-9613 | Cross-site Scripting vulnerability in SAP SuccessFactors B1702P5E.1190658 | Stored cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | 5.4 |
2017-05-26 | CVE-2016-6256 | XXE vulnerability in SAP Business One 1.2.3 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. | 9.6 |
2017-05-23 | CVE-2017-8915 | Reachable Assertion vulnerability in SAP HANA XS 1.00/2.00 | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. | 7.5 |
2017-05-23 | CVE-2017-8914 | Unspecified vulnerability in SAP HANA XS 1.00/2.00 | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | 8.3 |
2017-05-23 | CVE-2017-8913 | XXE vulnerability in SAP NetWeaver Application Server Java 7.50 | The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | 8.8 |
2017-05-10 | CVE-2017-8852 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SAPCAR 721.510 | SAP SAPCAR 721.510 has a heap-based buffer overflow vulnerability. | 7.8 |
2017-04-14 | CVE-2017-7717 | SQL Injection vulnerability in SAP NetWeaver Application Server Java 7.40 | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 8.8 |
2017-04-14 | CVE-2017-7696 | Allocation of Resources Without Limits or Throttling vulnerability in SAP SSO Authentication Library 2.0/3.0 | SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | 7.5 |
2017-04-13 | CVE-2016-6818 | SQL Injection vulnerability in SAP Business Intelligence Platform | SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. | 9.8 |
2017-04-13 | CVE-2016-6143 | Improper Access Control vulnerability in SAP HANA 1.00.73.00.389160 | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | 9.8 |