768 matches found
CVE-2017-8852
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note...
CVE-2017-8852
Summary: CVE-2017-8852 affects SAP SAPCAR 721.510. A heap-based buffer overflow occurs in the SAPCAR archive parser when processing specially crafted CAR archives, potentially enabling local code execution. The vulnerability arises from copying a length field derived from data in the archive int...
RCE via path Traversal using CSRF in SAP CRM
Application: SAP NetWeaver; Versions Affected: SAP CRM 13676083; Vendor URL: SAP; Bugs: CSRF, Path Traversal; Reported: 05.10.2017; Vendor response: 06.10.2017; Date of Public Advisory: 13.02.2018; Reference: SAP Security Note 2547431; Author: Vahagn Vardanyan (ERPScan), Vladimir Egorov (ERPScan); VULNERABILI...
HANA server memory disclosure
Application: SAP NetWeaver; Versions Affected: SAP HANA 1.0, 2.0 all versions; Vendor URL: SAP; Bugs: Information Disclosure; Reported: 05.10.2017; Vendor response: 06.10.2017; Date of Public Advisory: 13.02.2018; Reference: SAP Security Note 2572940; Author: Mathieu Geli (ERPScan); VULNERABILITY INFORMATIO...
CVE-2017-7696
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otplogonuiresources/qr, aka SAP Security Note 2389042...
CVE-2017-7717
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...
Design/Logic Flaw
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otplogonuiresources/qr, aka SAP Security Note 2389042...
SQL injection
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...
CVE-2016-6818
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor...
CVE-2016-6818
SAP Business Intelligence platform before January 2017 is vulnerable to SQL injection via crafted SQL queries, allowing remote attackers to obtain sensitive information, modify data, cause a DoS by data deletion, or launch administrative operations and potentially OS commands. Root cause: insuffi...
CVE-2016-6143
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...
Code injection
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806...
CVE-2016-6143
CVE-2016-6143 impact: SAP HANA DB 1.00.73.00.389160 is vulnerable to remote code execution via vectors involving the audit logs (SAP Security Note 2170806). Multiple connected sources confirm this entry and describe an arbitrary code execution possibility. CVSS data indicates high to critical sev...
CVE-2017-7691
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592...