Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2019-7840
ColdFusion versions Update 3 and previous versions, Update 10 and previous versions, and Update 18 and previous versions have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
Adobe Coldfusion 2018
1 Article
890
VMScore
CVE-2019-7839
ColdFusion versions Update 3 and previous versions, Update 10 and previous versions, and Update 18 and previous versions have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
Adobe Coldfusion 2018
1 Article
890
VMScore
CVE-2017-15293
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
Sap Point Of Sale Xpress Server 1030
Sap Point Of Sale Xpress Server 1020
890
VMScore
CVE-2017-15295
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
Sap Point Of Sale Xpress Server 1020
Sap Point Of Sale Xpress Server 1030
890
VMScore
CVE-2016-6818
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote malicious users to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted S...
Sap Business Intelligence Platform -
890
VMScore
CVE-2016-6137
An unspecified function in SAP TREX 7.10 Revision 63 allows remote malicious users to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
Sap Trex 7.10
890
VMScore
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote malicious users to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Sap Trex 7.10
890
VMScore
CVE-2016-6147
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote malicious users to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
Sap Trex 7.10
890
VMScore
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
890
VMScore
CVE-2015-7828
SAP HANA Database 1.00 SPS10 and previous versions do not require authentication, which allows remote malicious users to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (...
Sap Hana
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »