Vulnerabilities > SAP > High

DATE | CVE | VULNERABILITY TITLE | RISK

2015-06-02 | CVE-2015-4159 | SQL Injection vulnerability in SAP HANA Web-Based Development Workbench | 7.5 (network, low complexity; sap CWE-89)
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2153892.

2015-06-02 | CVE-2015-2282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products | 7.5 (network, low complexity; sap CWE-119)
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, NetWeaver Application Server ABAP, NetWeaver Application Server Java, NetWeaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Notes 2124806, 2121661, 2127995, and 2125316.

2015-05-26 | CVE-2015-4092 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Afaria 7.0.6620.2 | 7.5 (network, low complexity; sap CWE-119)
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.

2015-05-26 | CVE-2015-4091 | XML External Entity Injection vulnerability in SAP NetWeaver Application Server Java 7.4 | 7.5 (network, low complexity; sap)
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.

2015-05-12 | CVE-2015-3980 | SQL Injection vulnerability in SAP Customer Relationship Management | 7.5 (network, low complexity; sap CWE-89)
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

2015-05-12 | CVE-2015-3979 | Arbitrary Code Execution vulnerability in SAP Business Rules Framework | 7.5 (network, low complexity; sap)
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.

2015-04-01 | CVE-2015-2816 | Improper Access Control vulnerability in SAP Afaria 7.0.6001.5 | 7.5 (network, low complexity; sap CWE-284)
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.

2015-01-22 | CVE-2015-1312 | Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Resource Planning | 7.5 (network, low complexity; sap CWE-264)
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401.

2014-12-11 | CVE-2014-9264 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SQL Anywhere | 7.5 (network, low complexity; sap CWE-119)
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

2014-11-06 | CVE-2014-8668 | SQL Injection vulnerability in SAP Contract Accounting | 7.5 (network, low complexity; sap CWE-89)
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.