Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-07-31 | CVE-2014-5172 | Cross-Site Scripting vulnerability in SAP Hana Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-06-13 | CVE-2014-4161 | Cross-Site Scripting vulnerability in SAP Supplier Relationship Management Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2014-06-13 | CVE-2014-4160 | Cross-Site Scripting vulnerability in SAP Netweaver Business Client Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | 4.3 |
2014-06-13 | CVE-2014-4159 | Unspecified vulnerability in SAP Supplier Relationship Management Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. network sap | 5.8 |
2014-06-09 | CVE-2014-4012 | Credentials Management vulnerability in SAP Open HUB Service SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4011 | Credentials Management vulnerability in SAP Capacity Leveling SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4010 | Credentials Management vulnerability in SAP Transaction Data Pool SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4009 | Credentials Management vulnerability in SAP Computing Center Management System Monitoring SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4008 | Credentials Management vulnerability in SAP web Services Tool SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4007 | Credentials Management vulnerability in SAP Upgrade Tools The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |