769 matches found

Cvelist
added 2015/04/01 2:0 p.m. | 25 views

CVE-2015-2811

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939...

AI score: 6.5 | EPSS: 0.02397
Exploits: 0 | References: 5

CVE
added 2015/04/01 2:0 p.m. | 59 views

CVE-2015-2813

CVE-2015-2813: XXE vulnerability in SAP Mobile Platform. The SAP XML parser at /scc/messagebroker/http improperly processes user-supplied DTDs, enabling remote attackers to disclose information, DoS, or read local files. Affected versions include SAP Mobile Platform 2.2 and 2.3 (likely others). R...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01642
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2015/04/01 2:0 p.m. | 38 views

CVE-2015-2816

The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905...

AI score: 6.8 | EPSS: 0.02582
Exploits: 0 | References: 5

CVE
added 2015/04/01 2:0 p.m. | 71 views

CVE-2015-2820

SAP Afaria’s XcListener is affected by a buffer overflow that can be triggered by a crafted request, causing remote denial of service (process termination). This is tied to CVE-2015-2820 and SAP Security Note 2132584. ERPScan’s advisory confirms the affected component and provides PoC details sho...

CVSS: 5 | AI score: 8.9 | EPSS: 0.03604
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2015/04/01 2:0 p.m. | 24 views

CVE-2015-2813

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358...

AI score: 6.5 | EPSS: 0.01642
Exploits: 0 | References: 5

Cvelist
added 2015/04/01 2:0 p.m. | 32 views

CVE-2015-2819

SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161...

AI score: 9.2 | EPSS: 0.02444
Exploits: 0 | References: 5

CVE
added 2015/04/01 2:0 p.m. | 56 views

CVE-2015-2819

CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...

CVSS: 5 | AI score: 9 | EPSS: 0.02444
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2015/04/01 2:0 p.m. | 56 views

CVE-2015-2818

CVE-2015-2818 describes an XML External Entity (XXE) vulnerability in SAP Mobile Platform 3. The issue arises from XXE processing in XML inputs, allowing a remote attacker to craft XML that can cause requests to internal/intranet servers. The vulnerability is associated with SAP Mobile Platform 3...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01135
Exploits: 0 | References: 2 | Affected Software: 1

erpscan
added 2015/03/13 12:0 a.m. | 39 views

SAP Mobile Platform 3 - XXE Vulnerability in Add Repository

Application: SAP Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 13.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2159601 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External...

CVSS: 7.5 | AI score: 0.6 | EPSS: 0.02885
Exploits: 1

erpscan
added 2015/02/25 12:0 a.m. | 36 views

SAP Mobile Platform 2.3 - XXE vulnerability in application import

Application: SAP Mobile Platform 2.3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 25.02.2015 Vendor response: 25.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152227 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: XML External...

CVSS: 6.8 | AI score: 0.6 | EPSS: 0.01635
Exploits: 2

erpscan
added 2015/02/18 12:0 a.m. | 37 views

SAP Afaria - Stored XSS

Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.01273
Exploits: 1

erpscan
added 2015/01/09 12:0 a.m. | 15 views

SAP NetWeaver 7.4 - cryptographic issues

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: cryptographic issues Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

Exploits: 0

erpscan
added 2015/01/09 12:0 a.m. | 18 views

SAP NetWeaver 7.4 (MDT component) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

AI score: 0.2
Exploits: 0

NVD
added 2015/01/07 7:59 p.m. | 15 views

CVE-2014-9569

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01842
Exploits: 1 | References: 3

Prion
added 2015/01/07 7:59 p.m. | 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01842
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2015/01/07 7:0 p.m. | 19 views

CVE-2014-9569

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

AI score: 5.8 | EPSS: 0.01842
Exploits: 1 | References: 3

erpscan
added 2014/12/29 12:0 a.m. | 28 views

SAP Mobile Platform - XXE

Application: Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 29.12.2014 Vendor response: 30.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2125513 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External Entity...

AI score: 0.5
Exploits: 0

securityvulns
added 2014/10/18 12:0 a.m. | 61 views

[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

CVSS: 5 | AI score: 7.3 | EPSS: 0.09666
Exploits: 6

Packet Storm
added 2014/10/16 12:0 a.m. | 66 views

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

CVSS: 5 | EPSS: 0.09666
Exploits: 6

Core Security
added 2014/10/15 12:0 a.m. | 536 views

SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Advisory ID Internal CORE-2014-0007 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory...

CVSS: 5 | AI score: 7.3 | EPSS: 0.09666
Exploits: 6