SAP HANA Sinopia - default user creation policy insecure
Application: SAP HANA Versions Affected: SAP HANA SPS12 Vendor URL: SAP Bug: Insecure default configuration Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2407694 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver AS Java XSS in GenericSemanticTest component
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.4 Vendor URL: SAP Bugs: XSS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2408100 Author: Boris Sanin ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP HANA XS Sinopia - DoS vulnerability
Application: SAP HANA Versions Affected: SAP HANA 1 and SAP HANA 2 Vendor URL: SAP Bug: DoS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2407694 Authors: Mikhail Medvedev ERPScan, Mathieu Geli ERPScan VULNERABILITY INFORMATION...
SAP Solman - user accounts disclosure CVE-2016-10005
Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: SAP Bugs: Information Disclosure Reported: 12.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan ERPScan VULNERABILITY INFORMATION CVE-2016-100...
CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
Null pointer dereference
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
CVE-2016-9563
This CVE concerns XML External Entity (XXE) injection in SAP NetWeaver AS Java 7.5, specifically the BC-BMT-BPM-DSK component exposed via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI. Root cause is an XXE flaw that could allow an authenticated remote attacker to read arbitrary fil...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909...
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan 1. ADVISORY INFORMATION Title:...
SAP NetWeaver AS JAVA 7.4 XXE Injection
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan Descripti...
SAP NetWeaver AS JAVA 7.4 Denial Of Service
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: Denial of Service Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2313835 Author: Vahagn Vardanyan...
SAP NetWeaver AS JAVA 7.5 Directory Traversal Vulnerability
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability. Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 04.12.2015 Reported: 05.12.2015 Vendor response:...
SAP NetWeaver AS ABAP 7.4 Directory Traversal
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina...
CVE-2016-5616
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to...
SAP Adaptive Server Enterprise 16 - Denial of Service
Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author...
SAP Adaptive Server Enterprise 16 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory:...
SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service
Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin...
SAP NetWeaver KERNEL 7.5 Buffer Overflow
Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin...