Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-14 | CVE-2014-1964 | Cross-Site Scripting vulnerability in SAP products Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | 4.3 |
2014-02-14 | CVE-2014-1963 | Unspecified vulnerability in SAP Netweaver 7.20 Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
2014-02-14 | CVE-2014-1962 | Information Exposure vulnerability in SAP Customer Relationship Management 7.02 Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
2014-02-14 | CVE-2014-1961 | Unspecified vulnerability in SAP Netweaver Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | 5.0 |
2014-02-14 | CVE-2014-1960 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver and Netweaver Solution Manager The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2013-12-13 | CVE-2013-7096 | SQL Injection vulnerability in SAP EMR Unwired Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-12-13 | CVE-2013-7095 | Unspecified vulnerability in SAP Customer Relationship Management 7.02 The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | 10.0 |
2013-12-13 | CVE-2013-7094 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-12-13 | CVE-2013-7093 | Improper Authentication vulnerability in SAP Network Interface Router 39.3 SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | 5.0 |
2013-11-23 | CVE-2013-6869 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |