Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-05-26 | CVE-2015-4091 | XML External Entity Injection vulnerability in SAP NetWeaver Application Server Java 7.4 | XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to `tc~sld~wd~main/Main`, related to "CIM UPLOAD," aka SAP Security Note 2090851. | 7.5 |
2015-05-12 | CVE-2015-3980 | SQL Injection vulnerability in SAP Customer Relationship Management | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | 7.5 |
2015-05-12 | CVE-2015-3979 | Arbitrary Code Execution vulnerability in SAP Business Rules Framework | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | 7.5 |
2015-04-01 | CVE-2015-2816 | Improper Access Control vulnerability in SAP Afaria 7.0.6001.5 | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | 7.5 |
2015-01-22 | CVE-2015-1312 | Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Resource Planning | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. | 7.5 |
2014-12-11 | CVE-2014-9264 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SAP SQL Anywhere | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | 7.5 |
2014-11-06 | CVE-2014-8668 | SQL Injection vulnerability in SAP Contract Accounting | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-11-06 | CVE-2014-8664 | SQL Injection vulnerability in SAP Environment Health and Safety | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-11-06 | CVE-2014-8663 | SQL Injection vulnerability in SAP NetWeaver Business Warehouse | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-11-06 | CVE-2014-8662 | Denial of Service vulnerability in SAP Payroll Process | Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | 7.8 |