291 matches found
SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component (CVE-2016-9563)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE...
SAP NetWeaver - buffer overflow vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0-7.5 Vendor URL: SAP Bugs: buffer overflow Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin ERPScan VULNERABILITY INFORMATION Class: Denial ...
SAP Message Server HTTP remote DoS
Application: SAP KERNEL Versions Affected: SAP KERNEL 7.21-7.49 Vendor URL: SAP Bugs: Denial of Service Reported: 18.08.2016 Vendor response: 19.08.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2358972 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Denial of...
SAP NetWeaver Java 7.5 XXE
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2347439 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact: Denial of...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...
SAP NetWeaver AS Java getUserUddiElements SQL Injection
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java ES UDDI 7.11 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 17.06.2016 Vendor response: 17.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2356504 Author: Vahagn Vardanyan ERPScan VULNERABILI...
SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2386873 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...
SAP NetWeaver AS JAVA XSS in portal app component
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java RTC 7.0-7.3 Vendor URL: SAP Bugs: XSS Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2341302 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP NetWeaver AS ABAP - Directory traversal using READ DATASET
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina ERPScan VULNERABILITY...
SAP NetWeaver AS JAVA - deserialization of untrusted user value
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: Denial of Service Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2315788 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver AS JAVA icman - DoS vulnerability (CVE-2016-9562)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2313835 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver SLD Vendor URL: SAP Bugs: Information disclosure Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2342940 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION...
SAP AS Java XSS in Enterprise Portal
Application: SAP NetWeaver AS Java Vendor URL: SAP Bugs: XSS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 09.05.2017 Reference: SAP Security Note 2412897 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: Account hijacking Remotely...
SAP Hostcontrol remote DOS
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...
SAP AS JAVA DoS in BC-IAM-SSO-OTP package via QR Servlet
Application: SAP AS JAVA SSO Authentication Library Versions Affected: SAP AS JAVA SSO Authentication Library 2.0-3.0 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2389042 Author: Vahagn Vardanyan ERPSca...
SAP Netweaver Java deserialization of untrusted user value in metadatauploader
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7400.12.21.30308 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2399804 Author: Vahagn VardanyanERPScan & Mathieu Geli ERPScan VULNERABILITY...
Potential backdoor via hardcoded system ID
Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...
SAP SQL Anywhere MobiLink Synchronization Server - buffer overflow vulnerability
Application: SAP SQL Anywhere MobiLink Synchronization Server 17 Vendor URL: SAP Bug: Buffer overflow Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2308778 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Buffer...
SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials
Application: SAP Hybris E-commerce Suite Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3 Vendor URL: SAP Bugs: Default credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Author: Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: CWE-259 Use...
SAP ASE ODATA Server - Denial of Service
Application: SAP ASE Versions Affected: SAP ASE 16 Vendor URL: SAP Bugs: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2330422 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Denial of Service...
SAP Hybris E-commerce Suite VirtualJDBC SQL Injection
Application: SAP Hybris E-commerce Vendor URL: SAP Bugs: SQL Injection Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.02.2016 Reference: SAP replied “Due to the fact that this issue is inside Hybris cloud we don’t provide a security note. Please mention inside your...
SAP Business Object Data Services - directory traversal
Application: SAP Data Services 4.2 Vendor URL: SAP Bug: Directory Travesal Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2300346 Author: Nursultan Abubakirov ERPScan VULNERABILITY INFORMATION Class: directory traversal Impact:...
SAP Adaptive Server Enterprise - DoS vulnerability
Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahgan Vardanyan ERPScan...
SAP NetWeaver AS JAVA - XSS vulnerability
Application: SAP NetWeaver Portal 7.4 Vendor URL: SAP Bug: XSS Reported: 12.08.2015 Vendor response: 13.08.2015 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2256178 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: XSS Impact: modify displayed content from a Web...
SAP Afaria - Authorization bypass, Insecure signature
Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Authorization bypass Reported: 12.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 12.05.2015 Reference: SAP Security Note 2134905 Authors: Dmitry Chastukhin ERPScan Description An anonymous attacker can spoof a...
SAP NetWeaver JAVA AS UDDI component - XXE vulnerability
Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.4 Vendor URL: SAP Bugs: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 14.04.2016 Reference: SAP Security Note 2254389 Author: Vahagn Vardanyan ERPScan Vulnerability Information Class: denial of service Impac...
SAP NetWeaver Java AS ctcprotocol servlet - XXE vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bug: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...
SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS vulnerability Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Cross Site Scripting XSS Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...
SAP NetWeaver Java AS - multiple XSS vulnerabilities
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...
SAP HANA - log injection and no size restriction
Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://www.sap.com Bugs: Log injection Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Log injectio...
SAP HANA hdbxsengine JSON - DoS
Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...
SAP NetWeaver AS JAVA - information disclosure vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan ERPScan VULNERABILI...
SAP NetWeaver AS JAVA - SQL injection vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 18.08.2015 Vendor response: 19.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
SAP xMII - directory traversal vulnerability
Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: SAP Bugs: Directory traversal Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: CWE-36 Impact...
SAP HANA hdbindexserver - Memory corruption
Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: RCE, Memory corruption Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION...
Oracle E-Business Suite - SQL injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: SQL injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov ERPScan VULNERABILITY INFORMATION Class: SQL...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
Oracle E-Business Suite - Cross-site Scripting vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: Cross-site Scripting Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: Cross-site...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
Oracle E-Business Suite – XXE injection vulnerability
Application: Oracle E-Business Suite Vendor: Oracle Versions Affected: Oracle E-Business Suite 12.1.3, probably others Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin,...
Oracle E-Business Suite - Database user enumeration vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: User enumeration Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov ERPScan VULNERABILITY INFORMATION Class:...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
Oracle E-Business Suite - XXE injection vulnerability
Application: Oracle E-Business Suite Version Affected: Oracle E-Business Suite 12.1.3, probably others Vendor: Oracle Bugs: XXE injection Reported:17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin, Alexe...
SAP NetWeaver - SQL Injection
Application: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://www.sap.com Bugs: SQL injection Reported: 13.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 09.09.2015 Reference: SAP Security Note 2193389 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Information...
SAP NetWeaver 7.4 - XSS
Application: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 09.09.2015 Reference: SAP Security Note 2176785 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: Cross-Site Scripting, XSS...
SAP NetWeaver - internal special account password leak
Application: SAP Netweaver Versions Affected: SAP Netweaver 7.4 Vendor URL: SAP Bugs: Coding error, Reading sensitive user data Send: 05.09.2015 Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 08.12.2015 Reference: SAP Security Note 2240946 Author: Dmitry Chastuhin,...
SAP MII - Encryption Downgrade vulnerability
Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...
SAP PCo agent - DoS vulnerability
Application: SAP PCo Vendor: Bugs: DoS Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2238619 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Denial of service Impact: Disrupt operational status Remotely Exploitable:...
SAP xMII - Reflected XSS vulnerability
Application: SAP NetWeaver AS JAV Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 05.05.2015 Vendor response: 06.05.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2201295 Author: Nursultan Abubakirov , Vahagn Vardanyan ERPScan VULNERABILITY...