Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-06 | CVE-2014-8664 | SQL Injection vulnerability in SAP Environment Health and Safety SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-11-06 | CVE-2014-8663 | SQL Injection vulnerability in SAP Netweaver Business Warehouse SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-11-06 | CVE-2014-8662 | Denial of Service vulnerability in SAP Payroll Process Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | 7.8 |
| 2014-11-06 | CVE-2014-8660 | Code Injection vulnerability in SAP Document Management Services SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | 7.2 |
| 2014-11-04 | CVE-2014-8588 | SQL Injection vulnerability in SAP Hana 1.00.60.379371 SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-10-16 | CVE-2014-8310 | Improper Input Validation vulnerability in SAP Businessobjects 4.0 The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | 7.1 |
| 2014-07-31 | CVE-2014-5175 | Improper Authentication vulnerability in SAP Solution Manager 7.1 The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | 7.5 |
| 2014-06-09 | CVE-2014-4003 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | 7.5 |
| 2014-04-10 | CVE-2014-2752 | Credentials Management vulnerability in SAP Business Object Processing Framework for Abap SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |
| 2014-04-10 | CVE-2014-2751 | Credentials Management vulnerability in SAP Print and Output Management SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |