291 matches found
SAP NetWeaver BW - XML External Entity
Application: SAP BW Versions Affected: SAP BASIS 6.40/7.02 maybe others Vendor URL: http://www.sap.com Bugs:XML External Entity Exploits: YES Reported: 13.05.2011 Vendor response: 14.05.2011 Date of Public Advisory: 30.06.2012 Reference: SAP Security Note 1597066 Author: Alexey Tyurin ERPScan...
SAP Application Administration - local file read
Application: SAP NetWeaver Vendor URL: Bugs: Local file read Risk: High Exploits: YES Reported: 14.03.2011 Vendor response: 15.03.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1585527 Description SAP NetWeaver 7.0 Application Administration com.sap.ipc.webapp.ipc has local...
SAP NetWaver JPR Proxy Server — Multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver JPR Proxy Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...
SAP RFC SDK — Memory Corruption
Application: RFC SDK SAP AG Versions Affected: RFC SDK 6400-7.20 and SAP GUI 7.10-7.20 Vendor URL: Bugs: Buffer Overflow Exploits: YES Reported: 16.12.2009 Vendor response: 16.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov...
SAP NetWaver SLD — Multiple XSS
Application: SAP NetWeaver SLD Versions Affected: 6.4-7.02 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 15.12.2009 Last response: 06.05.2010 Date of Public Advisory: 13.07.2010 Author: Alexander Polyakov and Alexey Troshichev Description SAP NetWeaver System has...
SAP NetWeaver 7.4 - XSS
Application: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 09.09.2015 Reference: SAP Security Note 2176785 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: Cross-Site Scripting, XSS...
SAP NetWeaver - SMB Relay
Application: SAP Vendor URL: http://www.sap.com Bugs: Security Bypass, Directory Traversal, SMB Relay Exploits: YES Reported: 01.07.2014 Vendor response: 02.07.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2077260 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP NetWeaver J2EE DAS service - Unauthorized Access
Application: SAP NetWeaver JAVA Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.07.2015 Reference: SAP Security Note 1945215 Authors: Alexander Polyakov ERPScan VULNERABILITY INFORMATION Class: Unauthorized Acce...
SAP DevInfPage - Security Bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2013 Date of Public Advisory: 09.07.2013 Reference: SAP Security Note 1831053 Author: Dmitry Chastukhin ERPScan Descripti...
SAP NetWeaver Portal - Unauthorized access to OS
Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal Vendor URL: http://www.sap.com Bugs:Directory Traversal Exploits: YES Reported: 29.07.2011 Vendor response:01.08.2011 Date of Public Advisory:10.04.2012 Reference: SAP Security Note 1630293 Author:Alexey SintsovERPScan...
SAP TesContainerAdmin service - Stored XSS
Application: SAP Cfolders included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms Vendor URL: Bugs: Multiple Stored XSS Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 14.05.2011 Date of Public Advisory: 20.01.2012 Reference: SAP Security Note 1591749...
SAP RSTXSCRP report - smb relay vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Path traversal, SMBRelay Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 2.1 Author: Dmitriy Chastuchin Description SAP RSTXSCRP Report has path...
SAP NetWeaver SPML - XML CSRF user creation
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Command execution Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 7.3 Author: Alexandr Polyakov Description Attacker can create a new user in J2EE...
SAP NetWeaver MessagingServer — XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Messaging system from 7.10-7.30 Vendor URL: http://www.sap.com Bugs: Linked XSS and Stored XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of Public Advisory: 12.04.2011 Author: Alexandr Polyakov Description...
SAP RFC SDK — Format String
Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...
SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS
Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966 SAP KERNEL 7.20 64BIT, disp+work.exe 7200.117.19.50294 Vendor URL: Bugs: Buffer overflow CWE-119 CVSS according to ERPScan: AV:N/AC:H/Au:S/C:C/I:C/A:C 7.1 CVSS according to SAP:...
SAP EMR Unwired - Unauthorized access
Application: SAP EMR Unwired com.sap.mobi Versions Affected: latest Vendor URL: http://www.sap.com Bugs: Unauthorized access Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1864518 CVSS: AV:A/AC:M/AU:S/C:P/I:N/A:N 3.8...
SAP NetWeaver streaming server servlet - information disclosure
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0 Vendor URL: http://www.sap.com Bugs:Information disclosure Exploits: YES Reported: 07.12.2011 Vendor response: 09.12.2011 Date of Public Advisory: 30.07.2012 Reference: SAP Security Note 1675605 Author: Dmitry Chastuchin ERPScan...
SAP NetWeaver Monitoring Systeminfo - Multiple XSS
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 15.02.2011 Vendor response: 17.02.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1568003 Author: Alexander Polyakov ERPScan Description SAP NetWeaver Monitoring...
SAP NetWeaver ipcpricing - information disclose
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Information disclosure Exploits: YES Reported: 27.01.2011 Vendor response:28.01.2011 Date of Public Advisory: 15.09.2011 Author: Dmitriy Chastuchin Description com.sap.ipc.webapp.ipcpricing application...
SAP NetWeaver Logviewer - Security Check Bypass
Application: SAP NetWeaver Logviewer Versions Affected: SAP NetWeaver Logviewer 6.30 Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 24.06.2010 Vendor response: 25.06.2010 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 13.03.2013 Reference: S...
SAP NetWaver Virus Scan Interface - multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 01.04.2010 Vendor response:08.04.2010 Date of Public Advisory:11.11.2011 CVSS:4.3 Author: Dmitriy Evdokimov Description SAP Netweaver Virus Scan Interfa...
SAP Netweaver wsnavigator — XSS Security Vulnerability
Application: SAP Netweaver Versions Affected: Version 6.4-7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 26.05.2009 Vendor response: 27.05.2009 Date of Public Advisory: 13.07.2010 Author: Alexander Polyakov Description SAP Netweaver system has linked XSS security vulnerability in wsnavigator...
Oracle Application Server - multiple security vulnerabilities
Application: Oracle Application Server Versions Affected: Oracle Application Server 10.1.2.0.2 Vendor URL: http://oracle.com Bugs: Response Splitting XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 22.02.2012 Author: Alexandr Polyakov Description Oracle...
SAP GUI vsflexGrid ActiveX — Buffer Overflow vulnerability
Application: SAP GUI VSFlexGrid.VSFlexGridL Part of SAP GUI, SAP BO 2005, SAP BO 2007 Versions Affected: SAP GUI VSFlexGrid Activex Control SP=14 Vendor URL: http://sap.com” Bugs: Buffer Overflow Exploits: YES Reported: 26.11.2008 Vendor response: 27.11.2008 Date of Public Advisory: 06.10.2009...
Potential backdoor via hardcoded system ID
Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...
SAP NetWeaver 7.4 (MDT component) - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver - Hardcoded credentials
Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Hardcoded credentials Reported: 06.03.2014 Vendor response: 07.03.2014 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2059659 Authors: Rustem Gazizov, Diana Grigorieva ERPScan VULNERABILITY INFORMATION Class:...
SAP CRM gwsync - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1917054 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 Authors: Alexey Tyurin, Nikolay...
SAP NetWeaver SHSTI_UPLOAD_XML - XXE
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: Bugs: XML External Entity Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1890819 CVSS:...
SAP NetWeaver ABAD0_DELETE_DERIVATION_TABLE - SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 25.01.2013 Vendor response: 26.01.2013 Date of Public Advisory: 30.08.2013 Reference: SAP Security Note 1840249 Author: Nikolay Mescheri...
SAP NetWeaver BAPI - SMB Relay vulnerability
Application: SAP NetWeaver ABAP Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP Portal - unauthorized file read
Application: SAP Portal Vendor URL: http://www.sap.com Bugs: Directory traversal Exploits: YES Reported: 12.03.2011 Vendor response: 13.03.2011 Date of Public Advisory: 12.09.2012 Reference: SAP Security Note 1707494 Author: Dmitry Chastukhin ERPScan Description It is possible to read files in...
SAP NetWeaver PMI Agent Configuration - XML External Entity
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1721309 Author: Dmitry Chastukhin ERPScan Descriptio...
SAP Adapter Monitor - information disclosure
Application: SAP NetWeaver Vendor URL: Bugs: Information disclosure Risk: High Exploits: YES Reported: 06.12.2011 Vendor response: 06.12.2011 Date of Public Advisory: 17.12.2011 Reference: SAP Security Note 1445998 Description Information disclosure in com.sap.aii.mdt.amt.web.AMTPageProcessor...
SAP Portal WebDynPro - Path disclosure
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1852146 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:...
SAP NetWeaver PI SDK - XXE and XXE Tunneling
Application: SAP PI SDK Versions Affected: SAP PI SDK Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1723641 Authors: Alexander Polyakov, Alexey Tyurin, Alexandr...
SAP Xcelsius - insecure crossdomain policy
Application: SAP Portal Xcelsius dashboards Vendor URL: http://www.sap.com Bugs: insecure crossdomain policy Exploits: YES Reported: 12.03.2012 Vendor response: 12.03.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 29.01.2013 Reference: SAP Security Note 1412864...
SAP NetWeaver Classification - SMB Relay vulnerability
Application: SAP NetWeaver CA-CL Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 12.03.2013 Reference:...
SAP NetWeaver SDM - information disclosure and SMBRelay
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...
SAP NetWeaver Portal - Directory Traversal
Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal Vendor URL: http://www.sap.com Bugs:Directory Traversal Exploits: YES Reported: 08.08.2011 Vendor response:10.08.2011 Date of Public Advisory:13.03.2012 Reference: SAP Security Note 1630293 Author:Dmitriy Chastuchin ERPScan...
SAP Crystal Reports 2008 - Multiple XSS
Application: SAP Crystal Reports Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 13.05.2011 Vendor response: 17.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1647871 Author: Dmitriy Chastuchin ERPScan Description XSS in MessagingSystem SAP...
SAP Crystal Reports 2008 — ActiveX Insecure Methods
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Exploits: YES Bugs: Insecure methods Reported: 09.03.2010 Vendor response: 10.03.2010 Date of SAP Security Note Published: 8.10.2010 Date of Public Advisory: 14.01.2011...
SAP GUI — Buffer overflow
Application: SAP GUI Versions Affected: 7.1, 7.2 Vendor URL: http://www.sap.com Bugs: Buffer Overflow Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.04.2011 Author: Dmitry Chastuhin Description Attacker can construct saplogon.ini file which contains vulnerable tag...
SAP NetWeaver J2EE Engine - Authentication bypass
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 17.06.2011 CVSS: 9.0 Author:Alexander Polyakov Description Authentication bypass vulnerability in SAP NetWeav...
SAP GUI 7.1 WebViewer3D ActiveX — Insecure Methods
Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov Description SAP G...
SAP Cfolders Multiple Stored XSS Vulnerabilies
Application: SAP Cfolders included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms Vendor URL: Bugs: Multiple Stored XSS Risk: High Exploits: YES Reported: 04.12.2008 Vendor response: 05.12.2008 Vulnerability patched: 15.12.2008 Date of Public Advisory: 21.04.2009 Referenc...
Oracle PeopleSoft PeopleTools - insecure AccessID encryption
Application:Oracle PeopleSoft PeopleTools Versions Affected: Oracle PeopleSoft PeopleTools 8.53 / 8.50 Vendor URL: http://www.oracle.com Bugs: Insecure encryption Exploits: YES Reported: 11.06.2014 Vendor response: 12.06.2014 Date of Public Advisory: 17.10.2014 Reference: Oracle CPU October 2014...
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
SAP NetWeaver RSDDCVER_COUNT_TAB_COLS - Potential SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1836718 CVSS:...