Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2014-04-10 CVE-2013-7363 Unspecified vulnerability in SAP Solution Manager
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
network
low complexity
sap
7.5
2014-04-10 CVE-2013-7362 Code Injection vulnerability in SAP Ccms Agent
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
network
low complexity
sap CWE-94
7.5
2014-04-10 CVE-2013-7360 Arbitrary File Read and Write vulnerability in SAP Adminadapter
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors.
network
low complexity
sap
7.5
2014-04-10 CVE-2013-7355 SQL Injection vulnerability in SAP BI Universal Data Integration
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
network
low complexity
sap CWE-89
7.5
2013-12-13 CVE-2013-7096 SQL Injection vulnerability in SAP EMR Unwired
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2013-12-13 CVE-2013-7094 SQL Injection vulnerability in SAP Netweaver 7.30
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2013-11-23 CVE-2013-6869 SQL Injection vulnerability in SAP Netweaver 7.30
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sap CWE-89
7.5
2013-10-26 CVE-2013-6284 Unspecified vulnerability in SAP ERP Central Component
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
network
low complexity
sap
7.5
2013-09-12 CVE-2013-5723 SQL Injection vulnerability in SAP Netweaver 7.30
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
network
low complexity
sap CWE-89
7.5
2008-02-06 CVE-2008-0621 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
network
low complexity
sap CWE-119
7.5