Vulnerabilities > SAP > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2016-01-08 | CVE-2015-8753 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5 | SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | network, low complexity, sap, CWE-264, critical, 9.4 |
| 2015-11-10 | CVE-2015-7828 | Improper Input Validation vulnerability in SAP Hana | SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. | network, low complexity, sap, CWE-20, critical, 10.0 |
| 2015-10-15 | CVE-2015-7730 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products | SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. | network, low complexity, sap, CWE-119, critical, 10.0 |
| 2015-07-16 | CVE-2015-3621 | Improper Input Validation vulnerability in SAP Enterprise Central Component | Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | network, sap, CWE-20, critical, 9.3 |
| 2014-12-17 | CVE-2014-9387 | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 4.1 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | network, low complexity, sap, CWE-264, critical, 10.0 |
| 2014-11-19 | CVE-2013-3678 | Security vulnerability in SAP GRC | Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | network, low complexity, sap, critical, 9.0 |
| 2014-11-06 | CVE-2014-8669 | Code Injection vulnerability in SAP Customer Relationship Management | The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | network, low complexity, sap, CWE-94, critical, 10.0 |
| 2014-11-06 | CVE-2014-8661 | Code Injection vulnerability in SAP Customer Relationship Management Internet Sales | The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | network, low complexity, sap, CWE-94, critical, 10.0 |
| 2013-12-13 | CVE-2013-7095 | Unspecified vulnerability in SAP Customer Relationship Management 7.02 | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | network, low complexity, sap, critical, 10.0 |
| 2013-11-20 | CVE-2013-6822 | Unspecified vulnerability in SAP Netweaver | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | network, low complexity, sap, critical, 10.0 |