Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-29 | CVE-2015-3994 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | 4.0 |
| 2015-05-12 | CVE-2015-3981 | Information Exposure vulnerability in SAP Netweaver RFC SDK SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | 5.0 |
| 2015-04-01 | CVE-2015-2820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Afaria 7.0.6001.5 Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | 5.0 |
| 2015-04-01 | CVE-2015-2819 | Improper Input Validation vulnerability in SAP SQL Anywhere 11.0/16.0 SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | 5.0 |
| 2015-04-01 | CVE-2015-2818 | XML External Entity Injection vulnerability in SAP Mobile Platform 3.0 XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | 5.0 |
| 2015-04-01 | CVE-2015-2817 | Information Exposure vulnerability in SAP Netweaver 7.40 The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | 5.0 |
| 2015-04-01 | CVE-2015-2815 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver 7.0/7.40 Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | 6.5 |
| 2015-04-01 | CVE-2015-2814 | Permissions, Privileges, and Access Controls vulnerability in SAP Clinical Task Tracker and EMR Unwired SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | 6.4 |
| 2015-04-01 | CVE-2015-2813 | XML External Entity Injection vulnerability in SAP Mobile Platform XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | 5.0 |
| 2015-04-01 | CVE-2015-2812 | XML External Entity Information Disclosure vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | 5.0 |