CVE-2016-2388

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846...

CVE-2016-2387

CVE-2016-2387 pertains to SAP NetWeaver 7.4, affecting the Java Proxy Runtime ProxyServer servlet. The vulnerability enables cross-site scripting (XSS) via the ProxyServer/register endpoint, by manipulating the ns or interface parameters, as noted in SAP Security Note 2220571. Public advisories (...

CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2016-2388

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

SAP HANA 1.00.095 - hdbindexserver Memory Corruption

ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428...

SAP HANA 1.00.095 - hdbindexserver Memory Corruption

SAP HANA 1.00.095 - hdbindexserver Memory Corruption ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public...

CVE-2016-1928

Buffer overflow in the XS engine hdbxsengine in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978...

Buffer overflow

Buffer overflow in the XS engine hdbxsengine in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978...

Design/Logic Flaw

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service disk consumption and process crash via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978...

CVE-2016-1928

Buffer overflow in the XS engine hdbxsengine in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978...

Code injection

The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

CVE-2016-1910

CVE-2016-1910 affects SAP NetWeaver 7.4 UME (User Management Engine) and is described as a cryptographic issue enabling attackers to decrypt data via unspecified vectors (SAP Security Note 2191290). The connected materials indicate this is a crypto-issue vulnerability with publicly available PoCs...

SAP Hostcontrol remote DOS

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...

SAP Netweaver Java deserialization of untrusted user value in metadatauploader

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7400.12.21.30308 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2399804 Author: Vahagn VardanyanERPScan & Mathieu Geli ERPScan VULNERABILITY...

Authorization

SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905...

CVE-2015-8753

The CVE concerns SAP Afaria 7.0.6001.5, where a crafted request allows remote attackers to bypass authorization and wipe or lock mobile devices. The issue is described as related to an

SAP SQL Anywhere MobiLink Synchronization Server - buffer overflow vulnerability

Application: SAP SQL Anywhere MobiLink Synchronization Server 17 Vendor URL: SAP Bug: Buffer overflow Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2308778 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Buffer...

SAP Adaptive Server Enterprise - DoS vulnerability

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahgan Vardanyan ERPScan...

SAP Business Object Data Services - directory traversal

Application: SAP Data Services 4.2 Vendor URL: SAP Bug: Directory Travesal Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2300346 Author: Nursultan Abubakirov ERPScan VULNERABILITY INFORMATION Class: directory traversal Impact:...

SAP Afaria - Authorization bypass, Insecure signature

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Authorization bypass Reported: 12.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 12.05.2015 Reference: SAP Security Note 2134905 Authors: Dmitry Chastukhin ERPScan Description An anonymous attacker can spoof a...