Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap basis vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-2478
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user....
Sap Basis 7.31
Sap Basis 7.40
Sap Basis
Sap Basis 7.30
8.8
CVSSv3
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an malicious user to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" a...
Sap Business Application Software Integrated Solution
Sap Business Application Software Integrated Solution 7.31
Sap Business Application Software Integrated Solution 7.40
Sap Business Application Software Integrated Solution 7.30
8.8
CVSSv3
CVE-2018-2363
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially esc...
Sap Netweaver -
Sap Business Application Software Integrated Solution 7.30
Sap Business Application Software Integrated Solution
Sap Business Application Software Integrated Solution 7.40
Sap Business Application Software Integrated Solution 7.31
7.2
CVSSv3
CVE-2017-16682
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Sap Netweaver Internet Transaction Server -
Sap Business Application Software Integrated Solution
Sap Business Application Software Integrated Solution 7.31
Sap Business Application Software Integrated Solution 7.40
Sap Business Application Software Integrated Solution 7.30
6.5
CVSSv3
CVE-2017-16691
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in th...
Sap Business Application Software Integrated Solution 7.10
Sap Business Application Software Integrated Solution 7.30
Sap Business Application Software Integrated Solution 7.52
Sap Business Application Software Integrated Solution 7.00
Sap Business Application Software Integrated Solution 7.01
Sap Business Application Software Integrated Solution 7.31
Sap Business Application Software Integrated Solution 7.40
Sap Business Application Software Integrated Solution 7.50
Sap Business Application Software Integrated Solution 7.51
Sap Business Application Software Integrated Solution 7.02
Sap Business Application Software Integrated Solution 7.11
7.5
CVSSv3
CVE-2016-4551
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote malicious users to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
Sap Sap Basis 7.00
Sap Netweaver 2004s
Sap Sap Aba 7.00
NA
CVE-2014-8663
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sap Netweaver Business Warehouse -
NA
CVE-2014-3130
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.
Sap Netweaver Abap Application Server -
NA
CVE-2013-3063
SAP BASIS Communication Services 4.6B up to and including 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Sap Basis Communication Services 4.6
Sap Basis Communication Services 7.30
NA
CVE-2007-3496
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote malicious use...
Sap Netweaver Nw04 Sp17
Sap Netweaver Nw04 Sp18
Sap Sap Basis Component 640
Sap Sap Basis Component 700
Sap Netweaver Nw04s Sp11
Sap Netweaver Nw04s Sp7
Sap Netweaver Nw04 Sp19
Sap Netweaver Nw04s Sp10
Sap Netweaver Nw04 Sp15
Sap Netweaver Nw04 Sp16
Sap Netweaver Nw04s Sp8
Sap Netweaver Nw04s Sp9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »