Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-10 | CVE-2015-7994 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | 7.5 |
| 2015-11-10 | CVE-2015-7993 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | 7.5 |
| 2015-10-27 | CVE-2015-7986 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.0/1.00 The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | 7.5 |
| 2015-10-15 | CVE-2015-6507 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.00.091.00 The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. | 7.2 |
| 2015-09-18 | CVE-2015-7239 | SQL Injection vulnerability in SAP Netweaver J2Ee Engine 7.40 SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2015-07-16 | CVE-2015-3449 | 7PK - Security Features vulnerability in SAP Afaria 7.0.6398.0 The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | 7.2 |
| 2015-06-24 | CVE-2015-5068 | Information Disclosure vulnerability in SAP Mobile Platform 3.0 XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | 7.5 |
| 2015-06-24 | CVE-2015-5067 | Credentials Management vulnerability in SAP Netweaver The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | 7.5 |
| 2015-06-02 | CVE-2015-4161 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | 7.5 |
| 2015-06-02 | CVE-2015-4160 | SQL Injection vulnerability in SAP ASE Database Platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | 7.5 |