Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2015-05-26 CVE-2015-4091 XML External Entity Injection vulnerability in SAP NetWeaver Application Server Java 7.4
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
network
low complexity
sap
7.5
2015-05-12 CVE-2015-3980 SQL Injection vulnerability in SAP Customer Relationship Management
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
network
low complexity
sap CWE-89
7.5
2015-05-12 CVE-2015-3979 Arbitrary Code Execution vulnerability in SAP Business Rules Framework
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
network
low complexity
sap
7.5
2015-04-01 CVE-2015-2816 Improper Access Control vulnerability in SAP Afaria 7.0.6001.5
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.
network
low complexity
sap CWE-284
7.5
2015-01-22 CVE-2015-1312 Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Resource Planning
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401.
network
low complexity
sap CWE-264
7.5
2014-12-11 CVE-2014-9264 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SAP SQL Anywhere
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
network
low complexity
sap CWE-119
7.5
2014-11-06 CVE-2014-8668 SQL Injection vulnerability in SAP Contract Accounting
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2014-11-06 CVE-2014-8664 SQL Injection vulnerability in SAP Environment Health and Safety
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2014-11-06 CVE-2014-8663 SQL Injection vulnerability in SAP NetWeaver Business Warehouse
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2014-11-06 CVE-2014-8662 Denial of Service vulnerability in SAP Payroll Process
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
network
low complexity
sap
7.8