
3093 matches found

CVE
added 2015/05/12 8:0 p.m. | 44 views

CVE-2015-3980

The SAP CRM vulnerability CVE-2015-3980 affects the Business Rules Framework (CRM-BF-BRF) in SAP CRM. It is a SQL injection flaw that lets attackers remotely submit specially crafted SQL queries to the backend, enabling data manipulation or disclosure. Root cause appears to be unsafe SQL handling...

CVSS 7.5 | AI score 8.5 | EPSS 0.01436
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2015/05/12 8:0 p.m. | 54 views

CVE-2015-3978

CVE-2015-3978 affects the SAP Sybase Unwired Platform Online Data Proxy. A vulnerability in the DataVault library could allow a local attacker to obtain usernames and passwords, as noted in SAP Security Note 2094830. The CVSS-derived data indicates a local attack with low base severity and partia...

CVSS 2.1 | AI score 6.4 | EPSS 0.00379
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/05/12 8:0 p.m. | 23 views

CVE-2015-3978

SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830...

AI score 6.2 | EPSS 0.00379
Exploits: 0 | References: 4

Cvelist
added 2015/05/12 8:0 p.m. | 21 views

CVE-2015-3980

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534...

AI score 8.2 | EPSS 0.01436
Exploits: 0 | References: 3

Cvelist
added 2015/05/12 8:0 p.m. | 14 views

CVE-2015-3981

SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037...

AI score 6.1 | EPSS 0.01529
Exploits: 0 | References: 3

Cvelist
added 2015/05/12 8:0 p.m. | 27 views

CVE-2015-3979

Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534...

AI score 7.5 | EPSS 0.02446
Exploits: 0 | References: 3

erpscan
added 2015/05/09 12:0 a.m. | 47 views

SAP NetWeaver - internal special account password leak

Application: SAP Netweaver Versions Affected: SAP Netweaver 7.4 Vendor URL: SAP Bugs: Coding error, Reading sensitive user data Send: 05.09.2015 Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 08.12.2015 Reference: SAP Security Note 2240946 Author: Dmitry Chastuhin,...

AI score 0.9
Exploits: 0

erpscan
added 2015/05/09 12:0 a.m. | 47 views

SAP PCo agent - DoS vulnerability

Application: SAP PCo Vendor: Bugs: DoS Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2238619 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Denial of service Impact: Disrupt operational status Remotely Exploitable:...

CVSS 7.8 | AI score 0.2 | EPSS 0.02958
Exploits: 0

erpscan
added 2015/05/09 12:0 a.m. | 32 views

SAP MII - Encryption Downgrade vulnerability

Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...

CVSS 5 | AI score 0.4 | EPSS 0.00968
Exploits: 0

erpscan
added 2015/04/16 12:0 a.m. | 38 views

SAP NetWeaver 7.4 - XXE

Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...

CVSS 6.8 | AI score 0.5 | EPSS 0.01643
Exploits: 2

erpscan
added 2015/04/12 12:0 a.m. | 36 views

SAP JAVA AS jstart - DoS vulnerability

Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2259547 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...

CVSS 5 | AI score 0.1 | EPSS 0.07075
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 46 views

SAP Telnet Console - Directory traversal vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2280371 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATIO...

AI score 0.7
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 64 views

SAP JAVA AS icman - DoS vulnerability

Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2256185 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...

CVSS 5 | AI score 1.4 | EPSS 0.06371
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 46 views

SAP NetWeaver Enqueue Server - DoS vulnerability

Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.1 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2258784 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

CVSS 5 | AI score 1.3 | EPSS 0.02615
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 115 views

SAP NetWeaver AS Java 7.4 DataArchivingService servlet XSS

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2308535 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...

CVSS 4.3 | AI score 6.4 | EPSS 0.01146
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 14 views

SAP NetWeaver directory creation outside of the JVM

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan VULNERABILITY...

AI score 7.3
Exploits: 0

erpscan
added 2015/04/12 12:0 a.m. | 151 views

SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...

CVSS 5 | AI score 0.1 | EPSS 0.02413
Exploits: 1

Prion
added 2015/04/10 7:59 p.m. | 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...

AI score 7.1
Exploits: 0

NVD
added 2015/04/01 2:59 p.m. | 17 views

CVE-2015-2820

Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584...

CVSS 5 | AI score 6.6 | EPSS 0.03604
Exploits: 0 | References: 5

NVD
added 2015/04/01 2:59 p.m. | 11 views

CVE-2015-2819

SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161...

CVSS 5 | AI score 7 | EPSS 0.02444
Exploits: 0 | References: 5