Critical vulnerabilities in SAP products

Each entry: DATE | CVE | VULNERABILITY TITLE, then the description, then Vector | Complexity | Vendor | CWE | Risk (score)
2019-07-10 | CVE-2019-0328 | OS Command Injection vulnerability in SAP NetWeaver Process Integration
The ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration allow an attacker to execute OS commands with privileged rights.
Vector: network | Complexity: low | Vendor: sap | CWE-78 | Risk: critical (9.0)

2017-10-16 | CVE-2017-15295 | Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for read/write/delete file access.
Vector: network | Complexity: low | Vendor: sap | CWE-287 | Risk: critical (10.0)

2017-10-16 | CVE-2017-15293 | Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials.
Vector: network | Complexity: low | Vendor: sap | CWE-287 | Risk: critical (10.0)

2017-04-13 | CVE-2016-6818 | SQL Injection vulnerability in SAP Business Intelligence Platform
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query.
Vector: network | Complexity: low | Vendor: sap | CWE-89 | Risk: critical (10.0)

2016-10-05 | CVE-2016-7435 | Permissions, Privileges, and Access Controls vulnerability in SAP NetWeaver 7.40
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP NetWeaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary OS commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. Note that, unlike the other entries here, exploitation requires an authenticated user who already holds the relevant authorizations.
Vector: network | Complexity: low | Vendor: sap | CWE-264 | Risk: critical (9.0)

2016-09-27 | CVE-2016-6137 | Remote Command Execution vulnerability in SAP TREX 7.10
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
Vector: network | Complexity: low | Vendor: sap | CWE: not listed | Risk: critical (10.0)

2016-08-05 | CVE-2016-6147 | OS Command Injection vulnerability in SAP TREX 7.10
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with the privileges of the <sid>adm OS user (the SAP system administrator account on the host) via unspecified vectors, aka SAP Security Note 2234226.
Vector: network | Complexity: low | Vendor: sap | CWE-78 | Risk: critical (10.0)

2016-08-05 | CVE-2016-6138 | Path Traversal vulnerability in SAP TREX 7.10
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Vector: network | Complexity: low | Vendor: sap | CWE-22 | Risk: critical (10.0)

2016-05-13 | CVE-2010-5326 | Remote Code Execution vulnerability in SAP NetWeaver Invoker Servlet
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. The CVE identifier dates from 2010 (when the issue was first addressed); the 2016 publication date reflects the later disclosure of in-the-wild exploitation against systems that had never applied the fix.
Vector: network | Complexity: low | Vendor: sap | CWE: not listed | Risk: critical (10.0)

2016-04-14 | CVE-2016-4014 | XML External Entity Injection vulnerability in SAP NetWeaver 7.4
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver Java AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Vector: network | Complexity: low | Vendor: sap | CWE: not listed | Risk: critical (9.0)

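The last entry describes the usual shape of an XXE denial of service: the attacker does not need the application to resolve an external entity at all, a DTD with nested internal entities is enough to make the parser expand gigabytes of text. The fix for CVE-2016-4014 itself is SAP Security Note 2254389; what follows is an added example, not code from this listing or from SAP, of the compensating control a practitioner puts in front of any XML endpoint: refuse requests that carry a DTD before they reach the parser. The UDDI-style request bodies and the element name used below are constructed for the example.

```python
"""Deny-by-default gate for XML request bodies: reject anything carrying a DTD.

Added example (not SAP code). The principle: a request body that declares a
DOCTYPE or an ENTITY has no business reaching a service parser, because both
external-entity disclosure and entity-expansion DoS need a DTD to work.
The sample bodies below are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# A DOCTYPE or ENTITY declaration anywhere in the raw bytes. XML keywords are
# case-sensitive, but the match is case-insensitive on purpose so that a
# lenient downstream parser cannot be fed something this gate let through.
# A rare false positive on "<!DOCTYPE" inside a comment is acceptable for a
# deny-by-default check.
_DTD_MARKERS = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

# Constructed benign request: a plain UDDI-style inquiry with no DTD.
BENIGN_REQUEST = b"""<?xml version="1.0"?>
<get_businessDetail><businessKey>uddi:example:1</businessKey></get_businessDetail>"""

# Constructed hostile request: internal entities only (no network access
# needed), each level expanding the previous one tenfold. Three levels are
# shown; a real payload nests deeper so the expansion exhausts the parser.
DTD_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE lol [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<get_businessDetail>&lol3;</get_businessDetail>"""


def dtd_reason(body: bytes):
    """Return the first DTD marker found in body (e.g. '<!DOCTYPE'), or None."""
    m = _DTD_MARKERS.search(body)
    return m.group(0).decode("ascii", "replace") if m else None


def parse_or_reject(body: bytes):
    """Gate then parse.

    Returns (True, root_tag) for an accepted body, or (False, reason) when the
    body carries a DTD or is not well-formed. The DTD check runs on the raw
    bytes first, so a hostile body is never handed to the XML parser.
    """
    reason = dtd_reason(body)
    if reason is not None:
        return False, f"rejected: DTD/entity declaration ({reason}) not allowed"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"rejected: malformed XML ({exc})"
    return True, root.tag


if __name__ == "__main__":
    for name, body in (("benign", BENIGN_REQUEST), ("dtd", DTD_REQUEST)):
        print(name, "->", parse_or_reject(body))
```

The gate is parser-independent, which is the point: it can sit in a reverse proxy or an input filter in front of a product whose parser configuration you do not control. Where you do control the parser, the equivalent is to configure it to forbid DTDs outright (for example, the `forbid_dtd` option of the defusedxml package in Python, or disallowing the doctype declaration feature in a Java SAX/DOM factory) rather than to rely on a regex.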