Vulnerabilities > SAP

DATE	CVE	VULNERABILITY TITLE	RISK
2016-01-20	CVE-2016-1928	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. network low complexity sap CWE-119 critical	9.8
2016-01-15	CVE-2016-1911	Cross-site Scripting vulnerability in SAP Netweaver 7.40 Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. network low complexity sap CWE-79	6.1
2016-01-15	CVE-2016-1910	Information Exposure vulnerability in SAP Netweaver 7.40 The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. network low complexity sap CWE-200	5.3
2016-01-08	CVE-2015-8753	Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5 SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. network low complexity sap CWE-264 critical	9.1

Vulnerabilities > SAP {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"SAP"}]}