Vulmon
sap vulnerabilities and exploits
10
CVSSv2
CVE-2017-15293
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
Sap Point Of Sale Xpress Server 1030
Sap Point Of Sale Xpress Server 1020
10
CVSSv2
CVE-2017-15295
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
Sap Point Of Sale Xpress Server 1020
Sap Point Of Sale Xpress Server 1030
10
CVSSv2
CVE-2016-6818
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote malicious users to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted S...
Sap Business Intelligence Platform -
10
CVSSv2
CVE-2016-6137
An unspecified function in SAP TREX 7.10 Revision 63 allows remote malicious users to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
Sap Trex 7.10
10
CVSSv2
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote malicious users to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Sap Trex 7.10
10
CVSSv2
CVE-2016-6147
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote malicious users to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
Sap Trex 7.10
10
CVSSv2
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
10
CVSSv2
CVE-2015-7828
SAP HANA Database 1.00 SPS10 and previous versions do not require authentication, which allows remote malicious users to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (...
Sap Hana
10
CVSSv2
CVE-2015-7730
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote malicious users to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
Sap Businessobjects 4.1
Sap Businessobjects Xi 3.1
Sap Businessobjects Xi R3
Sap Businessobjects Edge 4.0
10
CVSSv2
CVE-2015-1311
The Extended Application Services (XS) in SAP HANA allows remote malicious users to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sap Hana Extended Application Services -