SAP vulnerabilities rated Low risk

DATE CVE VULNERABILITY TITLE RISK
2016-10-13 CVE-2016-3638 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SLD Registration
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
local
low complexity
sap CWE-119
2.1
2016-10-13 CVE-2016-7437 Security Bypass vulnerability in SAP Netweaver 7.40
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
local
low complexity
sap
2.1
2016-08-13 CVE-2016-5845 Local Privilege Escalation and Denial of Service vulnerability in SAP Sapcar
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
local
low complexity
sap
2.1
2016-08-05 CVE-2016-3640 Information Exposure vulnerability in SAP Hana DB 1.00.091.00.14186593
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
local
low complexity
sap CWE-200
2.1
2016-08-05 CVE-2016-6149 Information Exposure vulnerability in SAP Hana Sps09 1.00.091.00.14186593
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
local
low complexity
sap CWE-200
2.1
2015-10-15 CVE-2015-7726 Cross-site Scripting vulnerability in SAP Hana 1.00.091.00
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
network
sap CWE-79
3.5
2015-10-15 CVE-2015-7728 Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
network
sap CWE-79
3.5
2015-05-12 CVE-2015-3978 Information Exposure vulnerability in SAP Sybase Unwired Platform Online Data Proxy
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.
local
low complexity
sap CWE-200
2.1
2014-10-16 CVE-2014-8311 Information Disclosure vulnerability in SAP Businessobjects 4.0
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
network
sap
3.5
2014-07-31 CVE-2014-5174 Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Business Warehouse
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
sap CWE-264
3.5