Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-11-06 CVE-2014-8661 Code Injection vulnerability in SAP Customer Relationship Management Internet Sales
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
sap CWE-94
critical
10.0
2013-12-13 CVE-2013-7095 Unspecified vulnerability in SAP Customer Relationship Management 7.02
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
network
low complexity
sap
critical
10.0
2013-11-20 CVE-2013-6822 Unspecified vulnerability in SAP Netweaver
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
network
low complexity
sap
critical
10.0
2013-11-20 CVE-2013-6820 Unspecified vulnerability in SAP Netweaver Development Infrastructure
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
network
sap
critical
9.3
2012-05-15 CVE-2012-2611 Improper Input Validation vulnerability in SAP Netweaver 7.0
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
network
sap CWE-20
critical
9.3
2010-12-22 CVE-2010-2590 Buffer Errors vulnerability in SAP Crystal Reports 2008
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
network
sap CWE-119
critical
9.3
2010-12-17 CVE-2010-4556 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Netweaver Business Client
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.
network
sap CWE-119
critical
9.3
2010-10-18 CVE-2010-3983 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
network
low complexity
sap CWE-264
critical
9.0
2010-10-18 CVE-2010-0219 Credentials Management vulnerability in multiple products
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
network
low complexity
apache sap CWE-255
critical
10.0
2010-08-25 CVE-2009-4988 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business ONE 2005-A 6.80.123/6.80.320
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
network
low complexity
sap CWE-119
critical
10.0