SAP HANA metadata.xsjs - SQL injection

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2067972 Author: Dmitry Chastukhin ERPScan Description SQL...

SAP Kernel - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Bugs: Buffer Overflow – RCE, DoS Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2059734 Author...

SAP NetWeaver AS Java CIM UPLOAD - XXE

Application: SAP NetWeaver AS Java Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 16.06.2014 Vendor response: 17.06.2014 Date of Public Advisory: 18.05.2015 Reference: SAP Security Note 2090851 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External...

SAP CRM crm_flex_data - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...

SAP NetWeaver DI - Arbitrary file upload

Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...

SAP NetWeaver RSDDCVER_COUNT_TAB_COLS - Potential SQL Injection

Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1836718 CVSS:...

SAP NetWeaver HTTP - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Alexey Tyurin ERPScan...

SAP NetWeaver - Authentication bypass (Verb Tampering)

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response:15.03.2011 Date of Public Advisory:11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author:Alexandr Polyakov Description...

SAP NetWaver Virus Scan Interface - multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 01.04.2010 Vendor response:08.04.2010 Date of Public Advisory:11.11.2011 CVSS:4.3 Author: Dmitriy Evdokimov Description SAP Netweaver Virus Scan Interfa...