CVE-2017-11459
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...
CVE-2017-11458
SAP NetWeaver AS JAVA 7.3 is affected by a Cross-Site Scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet. An attacker can inject arbitrary script via the sessionID parameter, enabling remote script execution in affected sessions. Root cause is exposure of unsanitized sessionID inpu...
Design/Logic Flaw
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841...
Design/Logic Flaw
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804...
CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
Design/Logic Flaw
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918...
CVE-2017-9845
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918...
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
CVE-2017-9845
CVE-2017-9845 affects SAP NetWeaver 7.40 with the vulnerable disp+work 7400.12.21.30308. The issue resides in the disp+work.exe process (dynpen00) and can be triggered by sending a crafted DIAG request, leading to denial of service via resource consumption. CVSSv3.0 base score is 7.5 (Network, Lo...
PT-2017-19211 · SAP · SAP NetWeaver AS ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP version 7.40 Description: The issue allows remote authenticated users with certain privileges to cause a denial of service, resulting in a process crash. This is achieved through vectors involving disp+work.exe...
The vulnerability of the SAP HANA database management system allows a hacker to execute arbitrary code.
The vulnerability of the SAP HANA database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using vectors that include audit logs. This is referred to as SAP Security Note 2170806...
XSS in CRM (Administration Console, Java)
Application: SAP Java CRM Versions Affected: SAP Java CRM 700-754 Vendor URL: SAP Bug: XSS Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2478964 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: XSS Risk: Medium...
HANA DB credentials exposed to XSA applications
Application: SAP HANA Versions Affected: 1.0 SPS11, SPS12 and 2.0 with XS Advanced Vendor URL: SAP Bug: Information Disclosure Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2508673 Author: Mathieu Geli ERPScan VULNERABILITY...
CSRF in SAP Java CRM
Application: SAP CRM Versions Affected: SAP Java CRM 700-754 Vendor URL: SAP Bug: CSRF Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2478964 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: CSRF Risk: Medium Impac...
McAfee Antivirus Engine Out of Date
McAfee VirusScan, an antivirus application, is installed on the remote host. However, its antivirus engine is out of date and should be upgraded. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(100784); script_version("1.3");...
XXE
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...