Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-09 | CVE-2014-4006 | Credentials Management vulnerability in SAP OIL Industry Solution Traders and Schedulers Workbench The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4005 | Credentials Management vulnerability in SAP Brazil SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4004 | Credentials Management vulnerability in SAP Project System The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 5.0 |
2014-06-09 | CVE-2014-4003 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | 7.5 |
2014-05-19 | CVE-2014-3787 | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
2014-04-30 | CVE-2014-3134 | Cross-Site Scripting vulnerability in SAP Businessobjects Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-04-30 | CVE-2014-3133 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Java Application Server SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | 5.0 |
2014-04-30 | CVE-2014-3132 | Permissions, Privileges, and Access Controls vulnerability in SAP Background Processing SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | 4.0 |
2014-04-30 | CVE-2014-3131 | Permissions, Privileges, and Access Controls vulnerability in SAP Profile Maintenance SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | 4.0 |
2014-04-30 | CVE-2014-3130 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Abap Application Server The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | 4.6 |