Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-30 | CVE-2014-3129 | Information Exposure vulnerability in SAP Netweaver Software Lifecycle Manager 7.1 The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | 5.0 |
2014-04-17 | CVE-2014-0984 | Permissions, Privileges, and Access Controls vulnerability in SAP Router 710/720/721 The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | 4.3 |
2014-04-10 | CVE-2014-2752 | Credentials Management vulnerability in SAP Business Object Processing Framework for Abap SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |
2014-04-10 | CVE-2014-2751 | Credentials Management vulnerability in SAP Print and Output Management SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |
2014-04-10 | CVE-2014-2749 | Information Exposure vulnerability in SAP Hana The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | 5.0 |
2014-04-10 | CVE-2014-2748 | Permissions, Privileges, and Access Controls vulnerability in SAP Enhancement Package 6.0 The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. | 7.5 |
2014-04-10 | CVE-2013-7367 | Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Portal SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | 7.5 |
2014-04-10 | CVE-2013-7366 | Improper Authentication vulnerability in SAP Software Deployment Manager The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | 5.0 |
2014-04-10 | CVE-2013-7365 | Cross-Site Scripting vulnerability in SAP Enterprise Portal Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2014-04-10 | CVE-2013-7364 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | 7.5 |