Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-02 | CVE-2015-2278 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 5.0 |
| 2015-05-29 | CVE-2015-3995 | Information Exposure vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | 4.0 |
| 2015-05-29 | CVE-2015-3994 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | 4.0 |
| 2015-05-26 | CVE-2015-4092 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Afaria 7.0.6620.2 Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | 7.5 |
| 2015-05-26 | CVE-2015-4091 | XML External Entity Injection vulnerability in SAP Netweaver Application Server Java 7.4 XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | 7.5 |
| 2015-05-12 | CVE-2015-3981 | Information Exposure vulnerability in SAP Netweaver RFC SDK SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | 5.0 |
| 2015-05-12 | CVE-2015-3980 | SQL Injection vulnerability in SAP Customer Relationship Management SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | 7.5 |
| 2015-05-12 | CVE-2015-3979 | Arbitrary Code Execution vulnerability in SAP Business Rules Framework Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | 7.5 |
| 2015-05-12 | CVE-2015-3978 | Information Exposure vulnerability in SAP Sybase Unwired Platform Online Data Proxy SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | 2.1 |
| 2015-04-01 | CVE-2015-2820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Afaria 7.0.6001.5 Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | 5.0 |