Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-16 | CVE-2014-8311 | Information Disclosure vulnerability in SAP BusinessObjects 4.0: SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | 3.5 |
2014-10-16 | CVE-2014-8310 | Improper Input Validation vulnerability in SAP BusinessObjects 4.0: The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via a crafted OSCAFactory::Session ORB message. | 7.1 |
2014-10-16 | CVE-2014-8309 | Information Exposure vulnerability in SAP BusinessObjects and BusinessObjects XI: SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generate error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | 5.0 |
2014-10-16 | CVE-2014-8308 | Cross-Site Scripting vulnerability in SAP BusinessObjects 4.0: Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-05 | CVE-2014-6252 | Buffer Errors vulnerability in SAP NetWeaver 7.0/7.20: Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | 6.5 |
2014-09-04 | CVE-2014-5506 | Remote Code Execution vulnerability in SAP Crystal Reports: Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file. | 6.8 |
2014-09-04 | CVE-2014-5505 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SAP Crystal Reports: Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | 6.8 |
2014-07-31 | CVE-2014-5176 | Unspecified vulnerability in SAP FI Manager Self-Service: SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | 6.0 |
2014-07-31 | CVE-2014-5175 | Improper Authentication vulnerability in SAP Solution Manager 7.1: The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | 7.5 |
2014-07-31 | CVE-2014-5174 | Permissions, Privileges, and Access Controls vulnerability in SAP NetWeaver Business Warehouse: The SAP NetWeaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.5 |