768 matches found
CVE-2017-8914
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
CVE-2017-8915
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
Code injection
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
Xxe
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
Code injection
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
CVE-2017-8914
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
CVE-2017-8914
CVE-2017-8914 affects SAP HANA XS Sinopia (HDB 1.00 and 2.00). The root cause is an insecure default user-creation policy in Sinopia, enabling remote attackers to hijack npm packages or host arbitrary files. Public disclosures reference ERPScan and SAP Security Note 2407694; the advisory describe...
CVE-2017-8915
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
CVE-2017-8913
The CVE-2017-8913 vulnerability affects SAP NetWeaver AS JAVA 7.5, specifically the Visual Composer VC70RUNTIME component. Affected files/components include VC70RUNTIME (7.30–7.50) and VCFRAMEWORK/VCFLEX7.00 as listed in public advisories. The issue is an XML External Entity (XXE) vulnerability t...
CVE-2017-8915
CVE-2017-8915 affects SAP HANA XS sinopia npm registry (HDB 1.00 and 2.00). The issue arises when a package is pushed with a filename containing a '$' or '%' character, triggering an assertion failure in storage logic and causing a denial-of-service (service crash). Exploitation details are docum...
Log injection in SAP NetWeaver AS Java using basic auth
Application: SAP NetWeaver AS Java Versions Affected: ENGINEAPI 7.10-7.50 Vendor URL: SAP Bug: Log Injection Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2485208 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
XSS in SAP NetWeaver AS Java SRM
Application: SAP SRM Versions Affected: SAP SRM 701 – 714 Vendor URL: SAP Bug: XSS Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 08.08.2017 Reference: SAP Security Note 2493099 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Risk: Medium Impact:...
Denial of Service in Enqueue server
Application: SAP Enqueue Versions Affected: 7490.17.26.5735 Vendor URL: SAP Bug: DoS Reported: 16.05.2017 Vendor response: 17.05.2017 Date of Public Advisory: 10.10.2017 Reference: SAP Security Note 2476937 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Denial of Service Risk:...
Insecure log configuration in TREX
Application: SAP TREX Versions Affected: SAP TREX 7.1-7.25 Vendor URL: SAP Bug: Information disclosure Reported: 16.05.2017 Vendor response: 17.05.2017 Date of Public Advisory: 12.09.2017 Reference: SAP Security Note 2489196 Author: Nursultan Abubakirov ERPScan VULNERABILITY INFORMATION Class:...
SAP POS Missing Authentication in XpressServer
Application: SAP POS Xpress Server Vendor URL: SAP Bug: Missing Authentication Check Reported: 15.05.2017 Vendor response: 16.05.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: Missing Authentication...
CVE-2017-8852
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note...
Heap overflow
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note...
CVE-2017-8852
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note...