Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-06 | CVE-2014-8659 | Path Traversal vulnerability in SAP Environment Health and Safety Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2014-11-06 | CVE-2014-0995 | Improper Input Validation vulnerability in SAP Netweaver The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | 5.0 |
| 2014-11-04 | CVE-2014-8592 | Denial of Service vulnerability in SAP Netweaver 7.02/7.30 Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | 5.0 |
| 2014-11-04 | CVE-2014-8591 | Denial of Service vulnerability in SAP Netweaver 7.02/7.30 Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | 5.0 |
| 2014-11-04 | CVE-2014-8590 | XML External Entity Information Disclosure vulnerability in SAP NetWeaver AS Java XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. network sap | 4.3 |
| 2014-11-04 | CVE-2014-8589 | Numeric Errors vulnerability in SAP Network Interface Router 40.4 Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | 5.0 |
| 2014-10-16 | CVE-2014-8316 | Unspecified vulnerability in SAP Businessobjects Explorer 14.0.5 XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | 5.0 |
| 2014-10-16 | CVE-2014-8315 | Information Exposure vulnerability in SAP Businessobjects Explorer 14.0.5 polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | 5.0 |
| 2014-10-16 | CVE-2014-8314 | Cross-Site Scripting vulnerability in SAP Hana Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | 4.3 |
| 2014-10-16 | CVE-2014-8313 | Code Injection vulnerability in SAP Hana Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | 6.0 |