CVE-2015-3978
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830...
Information disclosure
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037...
CVE-2015-3980
The SAP CRM vulnerability CVE-2015-3980 affects the Business Rules Framework (CRM-BF-BRF) in SAP CRM. It is a SQL injection flaw that lets attackers remotely submit specially crafted SQL queries to the backend, enabling data manipulation or disclosure. Root cause appears to be unsafe SQL handling...
CVE-2015-3981
SAP NetWeaver RFC SDK is affected by an information-disclosure vulnerability (CVE-2015-3981). Connected sources indicate that remote attackers may obtain sensitive information via unspecified vectors, referencing SAP Security Note 2084037. The exact vulnerable component is the RFC SDK within SAP ...
CVE-2015-3979
Unspecified vulnerability in the Business Rules Framework CRM-BF-BRF in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534...
CVE-2015-3980
SQL injection vulnerability in the Business Rules Framework CRM-BF-BRF in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534...
CVE-2015-3978
CVE-2015-3978 affects the SAP Sybase Unwired Platform Online Data Proxy. A vulnerability in the DataVault library could allow a local attacker to obtain usernames and passwords, as noted in SAP Security Note 2094830. The CVSS-derived data indicates a local attack with low base severity and partia...
CVE-2015-3981
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037...
SAP MII - Encryption Downgrade vulnerability
Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...
SAP PCo agent - DoS vulnerability
Application: SAP PCo Vendor: Bugs: DoS Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2238619 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Denial of service Impact: Disrupt operational status Remotely Exploitable:...
SAP NetWeaver - internal special account password leak
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Coding error, Reading sensitive user data Send: 05.09.2015 Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 08.12.2015 Reference: SAP Security Note 2240946 Author: Dmitry Chastuhin,...
SAP NetWeaver 7.4 - XXE
Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...
SAP NetWeaver AS Java 7.4 DataArchivingService servlet XSS
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2308535 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP JAVA AS icman - DoS vulnerability
Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2256185 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...
SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP Telnet Console - Directory traversal vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2280371 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATIO...
SAP JAVA AS jstart - DoS vulnerability
Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2259547 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...
SAP NetWeaver Enqueue Server - DoS vulnerability
Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.1 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2258784 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver directory creation outside of the JVM
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan VULNERABILITY...