291 matches found
SAP Netweaver - XML Entity Expansion DOS
Application: SAP NetWeaver Vendor URL: Bugs: DOS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver – XML Entity Expansion It...
SAP NetWeaver servlet JavaDumpService - Multiple XSS
Application: SAP NetWeaver JavaDumpService Versions Affected: SAP NetWeaver JavaDumpService Vendor URL: Bugs: XSS Exploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:M/AU:N/C:N/I:P/A:N 4.3 Author:...
NetWeaver BCB – Missing Authorization / Information disclosure
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Business Communication Broker Vendor URL: http://www.sap.com Bugs: Information disclose Reported:09.06.2010 Vendor response: 10.06.2010 Date of Public Advisory: 17.06.2011 CVSS: 7.5 Reported:01.04.2010 Vendor response:02.04.2010 Date of...
SAP Crystal Reports 2008 — ActiveX Insecure Methods
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Exploits: YES Bugs: Insecure methods Reported: 09.03.2010 Vendor response: 10.03.2010 Date of SAP Security Note Published: 8.10.2010 Date of Public Advisory: 14.01.2011...
SAP NetWeaver - Unauthorized logon page
Application: SAP NetWeaver Versions Affected: 7.00 7.0014.20050509144048.0000 Vendor URL: http://www.sap.com Bugs: Missing Authorization Check Exploits: NO Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author: Alexander...
SAP NetWeaver J2EE Engine - Authentication bypass
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 17.06.2011 CVSS: 9.0 Author:Alexander Polyakov Description Authentication bypass vulnerability in SAP NetWeav...
SAP NetWeaver XSS Vulnerability in ICF
Application: SAP NetWeaver Versions Affected: SAP BASIS 6.4-7.2 Vendor URL: Bugs: Buffer Overflow Exploits: XSS Reported: 05.02.2010 Date of Public Advisory: 15.09.2010 Author: Alexey Sintsov Description SAP NetWeaver ICF BSP has linked XSS vulnerability. The vulnerability was found at...
SAP GUI 7.1 WebViewer3D ActiveX — Insecure Methods
Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov Description SAP G...
SAP NetWeaver directory creation outside of the JVM
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan VULNERABILITY...
SAP NetWeaver 7.4 - cryptographic issues
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: cryptographic issues Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
SAP NetWeaver 7.4 (Pmitest servlet) - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
SAP CRM crm_flex_data - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...
SAP BW Doc - Multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 4.3 Author: Alexandr Polyakov and Dmitriy Chastuchin Description BW DOC...
SAP NetWeaver SLD - Information Disclosure
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information disclose Exploits: YES Reported: 09.06.2010 Vendor response: 10.06.2010 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author:Alexander Polyakov Description Information disclosure...
SAP NetWeaver ExchangeProfile — XSS
Application: SAP NetWeaver Versions Affected:SAP NetWeaver SLD ExchangeProfile application 6.40-7.30 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexandr Polyakov...
SAP NetWeaver Component Build Service — XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver JDI 6.4 SP23-26 Vendor URL: Bugs: XSS Exploits: YES Reported: 01.04.2010 Vendor response: 02.04.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...
SAP GUI 7.1 — Insecure Method, Code execution
Application: SAP GUI Versions Affected: SAP GUI SAP GUI 7.1 Vendor URL: Bugs: Insecure method, Code Execution Exploits: YES Reported: 16.10.2009 Vendor response: 27.10.2009 Date of Public Advisory: 23.03.2010 Author: Sintsov Alexey Description Insecure method was founded in SAPBExCommonResources...
Oracle BEA Weblogic — Linked ХSS vulnerability
Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs:Linked XSS Vulnerability Exploits:YES Reported:18.03.2009 Vendor response:19.03.2009 Description: XSS in Search Date of Public Advisory: 16.07.2009 Author: Alexandr Polyakov Description A linked XSS...
Oracle BEA Weblogic 10 — Multiple Linked ХSS vulnerabilities
Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response: 30.10.2008 Description: Review Service sample of WebLogic Server. Date of Public...
SAP Mobile .healthcare.emr.v2 - Unauthorized access
Application: SAP EMR Unwired com.sap.mobile.healthcare.emr.v2, SAP Clinical Task Tracker com.sap.mobile.healthcare.ctt Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2117079...
SAP NetWeaver SDM Admin - information disclosure
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...
SAP NetWeaver PFL_CHECK_OS_FILE_EXISTENCE - missing authorization check and SMB Relay vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 13.05.2011 Vendor response:15.05.2011 Date of Public Advisory:20.01.2011 Author: Alexey Tyurin Description Missing authorization check in FRC functio...
SAP NetWeaver Trust Center Service - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 11.05.2010 Vendor response: 12.05.2011 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author: Dmitriy Evdokimov Description SAP NetWeaver Trust Center Service has linked XSS...
SAP Netweaver SQL Monitors — Multiple XSS
Application: SAP Netweaver Administrator panel Versions Affected: SAP Netweaver Administrator panel from ECC 6.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 07.09.2009 Vendor response: 08.09.2009 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov and Alexey Troshichev Description Ope...
SAP GUI 7.1 WebViewer2D ActiveX — Insecure Methods
Application: EAI WebViewer2D EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected:Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov...
SAP NetWeaver Java AS - multiple XSS vulnerabilities
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...
SAP NetWeaver AS Java - XXE
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java Vendor URL: http://www.sap.com Bugs: XXE Reported: 16.06.2014 Vendor response: 17.06.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2045176 Authors: Vahagn Vardanyan ERPScan Description SAP XML pars...
SAP NetWeaver - SMB Relay
Application: SAP Vendor URL: http://www.sap.com Bugs: Security Bypass, Directory Traversal, SMB Relay Exploits: YES Reported: 01.07.2014 Vendor response: 02.07.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2056333 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...
SAProuter - Authentication Bypass
Application: SAP Network Interface Router SAProuter Versions Affected: 39.3 SP4 7100.0.0.201 – Win64/Linux x8664, 40.4 Vendor URL: http://www.sap.com Bugs: Authentication bypass Exploits: NO Reported: 23.03.2013 Vendor response: 24.03.2013 Date of Public Advisory: 25.11.2013 Reference: SAP Securi...
SAP NetWeaver PFL - SMB Relay
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...
SAP NetWeaver DI - Arbitrary file upload
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP Netweaver CCMS - XML Entity Expansion DOS
Application: SAP NetWeaver Vendor URL: Bugs: DOS Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver – XML Entity Expansion It...
SAP NetWeaver Data Archiving Service — Multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Data Archiving Service 6.4-7.3 Vendor URL: http://www.sap.com Bugs: Linked XSS and Stored XSS Exploits: YES Reported: 11.05.2010 Vendor response: 11.05.2010 Date of Public Advisory: 12.04.2011 Author: Dmitriy Evdokimov Description SAP...
SAP Netweaver XRFC — Stack Overflow
Application: SAP BASIS Versions Affected: SAP XRFC 6.40/7.00 may be others Vendor URL: Bugs: Stack Overflow Exploits: YES DoS PoC Reported: 29.03.2010 Vendor response: 29.03.2010 Date of Public Advisory: 09.11.2010 Author: Alexey Sintsov Description It is possible to call stack overflow via RFC...
SAP NetWeaver DTR — Multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Design Time Repository 6.4-7.2 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 14.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexander Polyakov and Alexey...
SAP Cfolders Multiple Linked XSS Vulnerabilities
Application: SAP Cfolders SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms collaboration rooms Vendor URL: Bugs: Multiple Liked XSS Risk: High Exploits: YES Reported: 12.01.2009 Vendor response: 13.01.2009 patched: 21.01.2009 Date of Public Advisory: 21.04.2009 Reference: SAP...
SAP NetWeaver PFL - SMB Relay
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...
SAP NetWeaver Performance Provider - XSS
Application: SAP NetWeaver Performance Provider Versions Affected: SAP NetWeaver Performance Provider Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 14.03.2013...
SAP NetWeaver PIP - XSS
Application: SAP NetWeaver Integration Repository Versions Affected: SAP NetWeaver Integration Repository Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2012 Vendor response: 14.07.2012 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1442517 CVSS:...
SAP NetWeaver Exportability Check Service - unauthorized directory traversal
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs:Directory Traversal, File Read Exploits: YES Reported: 19.08.2011 Vendor response: 20.08.2011 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SA...