3094 matches found
CVE-2017-15297
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993...
Authentication flaw
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993...
CVE-2017-15293
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064...
CVE-2017-15294
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964...
Cross site request forgery (csrf)
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964...
Design/Logic Flaw
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964...
CVE-2017-15294
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964...
CVE-2017-15293
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064...
CVE-2017-15294
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964...
CVE-2017-15295
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064...
CVE-2017-15296
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964...
CVE-2017-15296
The CVE-2017-15296 vulnerability affects the Java component of SAP Customer Relationship Management (SAP CRM). The issue is a Cross-Site Request Forgery (CSRF) vulnerability described in SAP Security Note 2478964. Exploitation could allow an attacker to perform unauthorized operations within SAP ...
CVE-2017-15297
CVE-2017-15297 concerns SAP Hostcontrol where the SOAP SAPControl endpoint does not require authentication, enabling unauthenticated access. The vulnerability is documented in SAP Security Note 2442993. According to the NVD entry, the affected component is the SAP Hostcontrol SOAP interface, with...
CVE-2017-15297
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993...
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service service crash via a crafted request, aka SAP Security Note 2389181...
Design/Logic Flaw
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service service crash via a crafted request, aka SAP Security Note 2389181...
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service service crash via a crafted request, aka SAP Security Note 2389181...
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service service crash via a crafted request, aka SAP Security Note 2389181...
CVE-2017-14511
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...
Code injection
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...