CVE-2015-2817

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768...

CVE-2015-2816

The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905...

CVE-2015-2814

SAP EMR Unwired com.sap.mobile.healthcare.emr.v2 and Clinical Task Tracker com.sap.mobile.healthcare.ctt does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079...

CVE-2015-2813

XML external entity XXE vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358...

CVE-2015-2812

XML external entity XXE vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966...

Buffer overflow

Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service process termination via a crafted request, aka SAP Security Note 2132584...

Code injection

SAP EMR Unwired com.sap.mobile.healthcare.emr.v2 and Clinical Task Tracker com.sap.mobile.healthcare.ctt does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079...

Design/Logic Flaw

SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service crash via a crafted request, aka SAP Security Note 2108161...

Xxe

XML external entity XXE vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939...

Xxe

XML external entity XXE vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513...

Xxe

XML external entity XXE vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358...

CVE-2015-2819

CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...

CVE-2015-2815

CVE-2015-2815 affects the SAP NetWeaver Dispatcher in SAP Kernel. Vulnerable are SAP KERNEL 7.00 (32-bit, disp+work.exe 7000.52.12.34966) and 7.40 (64-bit, disp+work.exe 7400.12.21.30308). The issue is a buffer overflow in C_SAPGPARAM that can be exploited by an authenticated remote attacker to e...

CVE-2015-2813

CVE-2015-2813: XXE vulnerability in SAP Mobile Platform. The SAP XML parser at /scc/messagebroker/http improperly processes user-supplied DTDs, enabling remote attackers to disclose information, DoS, or read local files. Affected versions include SAP Mobile Platform 2.2 and 2.3 (likely others). R...

CVE-2015-2820

SAP Afaria’s XcListener is affected by a buffer overflow that can be triggered by a crafted request, causing remote denial of service (process termination). This is tied to CVE-2015-2820 and SAP Security Note 2132584. ERPScan’s advisory confirms the affected component and provides PoC details sho...

CVE-2015-2818

CVE-2015-2818 describes an XML External Entity (XXE) vulnerability in SAP Mobile Platform 3. The issue arises from XXE processing in XML inputs, allowing a remote attacker to craft XML that can cause requests to internal/intranet servers. The vulnerability is associated with SAP Mobile Platform 3...

CVE-2015-2811

XML external entity XXE vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939...

CVE-2015-2812

XML external entity XXE vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966...

CVE-2015-2813

XML external entity XXE vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358...

CVE-2015-2814

SAP EMR Unwired com.sap.mobile.healthcare.emr.v2 and Clinical Task Tracker com.sap.mobile.healthcare.ctt does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079...