Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-01 | CVE-2015-2811 | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | 5.0 |
| 2015-03-14 | CVE-2015-2107 | Improper Access Control vulnerability in HP Operations Manager I Management Pack 1.0 HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | 6.8 |
| 2015-02-27 | CVE-2015-2076 | Information Exposure vulnerability in SAP Businessobjects Edge 4.0 The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | 5.0 |
| 2015-02-27 | CVE-2015-2075 | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects Edge 4.0 SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | 5.0 |
| 2015-02-27 | CVE-2015-2072 | Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160/1.00.80.00.391861 Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | 4.3 |
| 2015-01-15 | CVE-2014-9595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40 Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | 6.5 |
| 2015-01-15 | CVE-2014-9594 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40 Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | 6.5 |
| 2014-11-06 | CVE-2014-8667 | Cross-Site Scripting vulnerability in SAP Hana Web-Based Development Workbench Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-11-06 | CVE-2014-8666 | Information Exposure vulnerability in SAP Business Intelligence Development Workbench The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | 5.0 |
| 2014-11-06 | CVE-2014-8665 | Information Exposure vulnerability in SAP Business Intelligence Development Workbench The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | 5.0 |