Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2014-06-09 CVE-2014-4006 Credentials Management vulnerability in SAP OIL Industry Solution Traders and Schedulers Workbench
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
low complexity
sap CWE-255
5.0
2014-06-09 CVE-2014-4005 Credentials Management vulnerability in SAP Brazil
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
low complexity
sap CWE-255
5.0
2014-06-09 CVE-2014-4004 Credentials Management vulnerability in SAP Project System
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
low complexity
sap CWE-255
5.0
2014-06-09 CVE-2014-4003 Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
network
low complexity
sap CWE-264
7.5
2014-05-19 CVE-2014-3787 Information Exposure vulnerability in SAP Netweaver
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
network
low complexity
sap CWE-200
5.0
2014-04-30 CVE-2014-3134 Cross-Site Scripting vulnerability in SAP Businessobjects
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sap CWE-79
4.3
2014-04-30 CVE-2014-3133 Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Java Application Server
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
network
low complexity
sap CWE-264
5.0
2014-04-30 CVE-2014-3132 Permissions, Privileges, and Access Controls vulnerability in SAP Background Processing
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
network
low complexity
sap CWE-264
4.0
2014-04-30 CVE-2014-3131 Permissions, Privileges, and Access Controls vulnerability in SAP Profile Maintenance
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
network
low complexity
sap CWE-264
4.0
2014-04-30 CVE-2014-3130 Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Abap Application Server
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server do not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.
local
low complexity
sap CWE-264
4.6