Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-10-16 CVE-2014-8309 Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
network
low complexity
sap CWE-200
5.0
2014-10-16 CVE-2014-8308 Cross-Site Scripting vulnerability in SAP Businessobjects 4.0
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sap CWE-79
4.3
2014-09-05 CVE-2014-6252 Buffer Errors vulnerability in SAP Netweaver 7.0/7.20
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
network
low complexity
sap CWE-119
6.5
2014-09-04 CVE-2014-5506 Remote Code Execution vulnerability in SAP Crystal Reports
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file.
network
sap
6.8
2014-09-04 CVE-2014-5505 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Crystal Reports
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
network
sap CWE-119
6.8
2014-07-31 CVE-2014-5176 Unspecified vulnerability in SAP FI Manager Self-Service
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
network
sap
6.0
2014-07-31 CVE-2014-5172 Cross-Site Scripting vulnerability in SAP Hana
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sap CWE-79
4.3
2014-06-13 CVE-2014-4161 Cross-Site Scripting vulnerability in SAP Supplier Relationship Management
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network
sap CWE-79
4.3
2014-06-13 CVE-2014-4160 Cross-Site Scripting vulnerability in SAP Netweaver Business Client
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
network
sap CWE-79
4.3
2014-06-13 CVE-2014-4159 Unspecified vulnerability in SAP Supplier Relationship Management
Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
network
sap
5.8