Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2014-04-30 CVE-2014-3129 Information Exposure vulnerability in SAP Netweaver Software Lifecycle Manager 7.1
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.
network
low complexity
sap CWE-200
5.0
2014-04-17 CVE-2014-0984 Permissions, Privileges, and Access Controls vulnerability in SAP Router 710/720/721
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
network
sap CWE-264
4.3
2014-04-10 CVE-2014-2752 Credentials Management vulnerability in SAP Business Object Processing Framework for Abap
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
low complexity
sap CWE-255
7.5
2014-04-10 CVE-2014-2751 Credentials Management vulnerability in SAP Print and Output Management
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
low complexity
sap CWE-255
7.5
2014-04-10 CVE-2014-2749 Information Exposure vulnerability in SAP Hana
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
network
low complexity
sap CWE-200
5.0
2014-04-10 CVE-2014-2748 Permissions, Privileges, and Access Controls vulnerability in SAP Enhancement Package 6.0
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors.
network
low complexity
sap CWE-264
7.5
2014-04-10 CVE-2013-7367 Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Portal
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
network
low complexity
sap CWE-264
7.5
2014-04-10 CVE-2013-7366 Improper Authentication vulnerability in SAP Software Deployment Manager
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.
network
low complexity
sap CWE-287
5.0
2014-04-10 CVE-2013-7365 Cross-Site Scripting vulnerability in SAP Enterprise Portal
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
sap CWE-79
4.3
2014-04-10 CVE-2013-7364 Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
network
low complexity
sap CWE-264
7.5