Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-01 | CVE-2015-2819 | Improper Input Validation vulnerability in SAP SQL Anywhere 11.0/16.0 SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | 5.0 |
| 2015-04-01 | CVE-2015-2818 | XML External Entity Injection vulnerability in SAP Mobile Platform 3.0 XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | 5.0 |
| 2015-04-01 | CVE-2015-2817 | Information Exposure vulnerability in SAP Netweaver 7.40 The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | 5.0 |
| 2015-04-01 | CVE-2015-2816 | Improper Access Control vulnerability in SAP Afaria 7.0.6001.5 The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | 7.5 |
| 2015-04-01 | CVE-2015-2815 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver 7.0/7.40 Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | 6.5 |
| 2015-04-01 | CVE-2015-2814 | Permissions, Privileges, and Access Controls vulnerability in SAP Clinical Task Tracker and EMR Unwired SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | 6.4 |
| 2015-04-01 | CVE-2015-2813 | XML External Entity Injection vulnerability in SAP Mobile Platform XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | 5.0 |
| 2015-04-01 | CVE-2015-2812 | XML External Entity Information Disclosure vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | 5.0 |
| 2015-04-01 | CVE-2015-2811 | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | 5.0 |
| 2015-03-14 | CVE-2015-2107 | Improper Access Control vulnerability in HP Operations Manager I Management Pack 1.0 HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | 6.8 |