CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

CVE-2016-4407

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

CVE-2016-4407

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

CVE-2016-3946

SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...

CVE-2016-3638

SAP SLD Registration Program aka SLDREG allows local users to cause a denial of service memory corruption and process termination via a crafted HOST parameter, aka SAP Security Note 2125623...

Memory corruption

SAP SLD Registration Program aka SLDREG allows local users to cause a denial of service memory corruption and process termination via a crafted HOST parameter, aka SAP Security Note 2125623...

Code injection

SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...

Code injection

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

Code injection

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

CVE-2016-3635

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...

CVE-2016-3946

SAP Console aka SAPConsole 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461...

CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

CVE-2016-4407

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

CVE-2016-3638

SAP SLD Registration Program (SLDREG) is the affected component. The issue enables a local attacker to cause a denial of service via a crafted HOST parameter, due to memory corruption and process termination. The root cause is the handling of the HOST parameter within SLDREG. The impact is a loca...

CVE-2016-7437

SAP NetWeaver 7.40 is affected by an issue where the SAP Security Audit Log misclassifies (1) DUI and (2) DUJ events as non-critical, potentially enabling local users to obscure rejected RFC function callback attempts by filtering non-critical events in audit reports. This is linked to SAP Securi...

CVE-2016-3635

CVE-2016-3635 affects SAP NetWeaver 7.4. Remote authenticated users can bypass the Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by using a connection created from an earlier execution of an anonymous RFM included in a Communication Assembly (...

CVE-2016-3946

SAP Console (aka SAPConsole) 7.30 is affected by an information disclosure vulnerability where local users can read the Windows registry to obtain SAP Server login credentials. Root cause: insecure handling/storage of credentials in the Windows registry as described in SAP Security Note 2121461. ...

CVE-2016-7435

The 1 SCTCREFRESHEXPORTTABCOMP, 2 SCTCREFRESHCHECKENV, and 3 SCTCTMSMAINTAINALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...

Code injection

The 1 SAPBASIS and 2 SAPABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621...

CVE-2016-7435

The 1 SCTCREFRESHEXPORTTABCOMP, 2 SCTCREFRESHCHECKENV, and 3 SCTCTMSMAINTAINALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...