Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-16 | CVE-2015-3621 | Improper Input Validation vulnerability in SAP Enterprise Central Component Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | 9.3 |
| 2015-07-16 | CVE-2015-3449 | 7PK - Security Features vulnerability in SAP Afaria 7.0.6398.0 The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | 7.2 |
| 2015-06-24 | CVE-2015-5068 | Information Disclosure vulnerability in SAP Mobile Platform 3.0 XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | 7.5 |
| 2015-06-24 | CVE-2015-5067 | Credentials Management vulnerability in SAP Netweaver The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | 7.5 |
| 2015-06-02 | CVE-2015-4161 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | 7.5 |
| 2015-06-02 | CVE-2015-4160 | SQL Injection vulnerability in SAP ASE Database Platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | 7.5 |
| 2015-06-02 | CVE-2015-4159 | SQL Injection vulnerability in SAP Hana Web-Based Development Workbench SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | 7.5 |
| 2015-06-02 | CVE-2015-4158 | Denial of Service vulnerability in SAP products SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | 5.0 |
| 2015-06-02 | CVE-2015-4157 | Denial of Service vulnerability in SAP Content Server SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | 5.0 |
| 2015-06-02 | CVE-2015-2282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 7.5 |