769 matches found
CVE-2017-11458
SAP NetWeaver AS JAVA 7.3 is affected by a Cross-Site Scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet. An attacker can inject arbitrary script via the sessionID parameter, enabling remote script execution in affected sessions. Root cause is exposure of unsanitized sessionID inpu...
CVE-2017-11459
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...
CVE-2017-11458
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
Design/Logic Flaw
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9845
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918...
CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
CVE-2017-9845
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918...
Design/Logic Flaw
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918...
Design/Logic Flaw
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804...
CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
CVE-2017-9845
CVE-2017-9845 affects SAP NetWeaver 7.40 with the vulnerable disp+work 7400.12.21.30308. The issue resides in the disp+work.exe process (dynpen00) and can be triggered by sending a crafted DIAG request, leading to denial of service via resource consumption. CVSSv3.0 base score is 7.5 (Network, Lo...
PT-2017-19211 · SAP · SAP NetWeaver AS ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP version 7.40 Description: The issue allows remote authenticated users with certain privileges to cause a denial of service, resulting in a process crash. This is achieved through vectors involving disp+work.exe...
The vulnerability of the SAP HANA database management system allows a hacker to execute arbitrary code.
The vulnerability of the SAP HANA database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using vectors that include audit logs. This is referred to as SAP Security Note 2170806...
CSRF in SAP Java CRM
Application: SAP CRM Versions Affected: SAP Java CRM 700-754 Vendor URL: SAP Bug: CSRF Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2478964 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: CSRF Risk: Medium Impac...
HANA DB credentials exposed to XSA applications
Application: SAP HANA Versions Affected: 1.0 SPS11, SPS12 and 2.0 with XS Advanced Vendor URL: SAP Bug: Information Disclosure Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2508673 Author: Mathieu Geli ERPScan VULNERABILITY...
XSS in CRM (Administration Console, Java)
Application: SAP Java CRM Versions Affected: SAP Java CRM 700-754 Vendor URL: SAP Bug: XSS Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2478964 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: XSS Risk: Medium...
McAfee Antivirus Engine Out of Date
McAfee VirusScan, an antivirus application, is installed on the remote host. However, its antivirus engine is out of date and should be upgraded. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(100784); script_version("1.3");...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
XXE
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...