291 matches found
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
SAProuter - Authentication Bypass
Application: SAP Network Interface Router SAProuter Versions Affected: 39.3 SP4 7100.0.0.201 – Win64/Linux x8664, 40.4 Vendor URL: http://www.sap.com Bugs: Authentication bypass Exploits: NO Reported: 23.03.2013 Vendor response: 24.03.2013 Date of Public Advisory: 25.11.2013 Reference: SAP Securi...
SAP NetWeaver ABAD0_DELETE_DERIVATION_TABLE - SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 25.01.2013 Vendor response: 26.01.2013 Date of Public Advisory: 30.08.2013 Reference: SAP Security Note 1840249 Author: Nikolay Mescheri...
SAP Xcelsius - insecure crossdomain policy
Application: SAP Portal Xcelsius dashboards Vendor URL: http://www.sap.com Bugs: insecure crossdomain policy Exploits: YES Reported: 12.03.2012 Vendor response: 12.03.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 29.01.2013 Reference: SAP Security Note 1412864...
SAP NetWeaver PI SDK - XXE and XXE Tunneling
Application: SAP PI SDK Versions Affected: SAP PI SDK Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1723641 Authors: Alexander Polyakov, Alexey Tyurin, Alexandr...
SAP NetWeaver MMC - CSRF
Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: CSRF Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1734986 Author: Alexey Tyurin ERPScan Description It is possible to execute commands in SAP system via...
SAP NetWeaver DI - Arbitrary file upload
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP NetWeaver BAPI - SMB Relay vulnerability
Application: SAP NetWeaver ABAP Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP NetWeaver PFL - SMB Relay
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...
SAP NetWeaver Classification - SMB Relay vulnerability
Application: SAP NetWeaver CA-CL Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 12.03.2013 Reference:...
SAP NetWeaver PFL - SMB Relay
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...
SAP NetWeaver RSDDCVER_COUNT_TAB_COLS - Potential SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1836718 CVSS:...
SAP NetWeaver SRTT_GET_COUNT_BEFORE_KEY_RFC - SQL injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1783795 CVSS:...
SAP NetWeaver SDM Admin - information disclosure
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...
SAP NetWeaver SDM Admin - DoS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPScan...
SAP NetWeaver SDM - denial of service
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: DoS Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.12.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPScan Description SAP...
SAP NetWeaver SDM - authentication bypass
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Auth Bypass Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPScan...
SAP NetWeaver Mobile - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: XSS Exploits: no Reported: 10.02.2012 Vendor response: 10.03.2012 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1669031 Author: Alexander Polyakov ERPScan Description SAP NetWeaver...
SAP NetWeaver SDM - information disclosure and SMBRelay
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...
SAP NetWeaver Management Console (gSOAP) - Partial HTTP requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver J2EE Engine - Partial HTTP requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver J2EE Engine - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver HTTP - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Alexey Tyurin ERPScan...
SAP DI Log Viewer - Security Bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2013 Date of Public Advisory: 09.07.2013 Reference: SAP Security Note 1831022 Author: Dmitry Chastukhin ERPScan Descripti...
SAP DevInfPage - Security Bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2013 Date of Public Advisory: 09.07.2013 Reference: SAP Security Note 1831053 Author: Dmitry Chastukhin ERPScan Descripti...
SAP NetWeaver Management Console (gSOAP) - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver HTTPd - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 19.09.2012 Vendor response: 20.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1966655 Author: Alexey Tyurin ERPScan...
Oracle JVM gopher protocol - SSRF
Application: Oracle JVM Versions Affected: Oracle JVM Vendor URL: http://www.oracle.com Bugs: Security Bypass, SSRF Exploits: YES Reported: 16.07.2012 Vendor response: 18.07.2012 Date of Public Advisory: 23.10.2012 Reference: Oracle CPU October 2012 Authors: Alexander Polyakov ERPScan Description...
SAP NetWeaver PIP - XSS
Application: SAP NetWeaver Integration Repository Versions Affected: SAP NetWeaver Integration Repository Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2012 Vendor response: 14.07.2012 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1442517 CVSS:...
SAP GRMGApp - XXE and authentication bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass, XXE Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SAP Security Not...
SAP NetWeaver DIR error - XSS
Application: SAP NetWeaver Integration Repository Versions Affected: SAP NetWeaver Integration Repository Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2012 Vendor response: 14.07.2012 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1788080 CVSS:...
SAP NetWeaver Performance Provider - XSS
Application: SAP NetWeaver Performance Provider Versions Affected: SAP NetWeaver Performance Provider Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 14.03.2013...
SAP Portal - unauthorized file read
Application: SAP Portal Vendor URL: http://www.sap.com Bugs: Directory traversal Exploits: YES Reported: 12.03.2011 Vendor response: 13.03.2011 Date of Public Advisory: 12.09.2012 Reference: SAP Security Note 1707494 Author: Dmitry Chastukhin ERPScan Description It is possible to read files in...
SAP NetWeaver SOAP RFC - CSRF
Application: SAP BASIS Vendor URL: http://www.sap.com Bugs: CSRF Exploits: YES Reported: 12.03.2011 Vendor response: 13.03.2011 Date of SAP Security Note published: 14.08.2012 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1728500 Author: Alexey Tyurin ERPScan Description It is...
SAP NetWeaver Business Communication Broker - multiple XSS
Application: SAP NetWeaver Vendor URL: Bugs: Multiple XSS Risk: High Exploits: YES Reported: 09.12.2011 Vendor response: 10.12.2011 Date of Public Advisory: 20.01.2012 Reference: SAP Security Note 1585652 Description SAP NetWeaver Business Communication Broker has multiple linked XSS vulnerabilie...
SAP NetWeaver Exportability Check Service - unauthorized directory traversal
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Directory Traversal, File Read Exploits: YES Reported: 19.08.2011 Vendor response: 20.08.2011 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SA...
SAP NetWeaver Portal - Directory Traversal
Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal Vendor URL: http://www.sap.com Bugs: Directory Traversal Exploits: YES Reported: 08.08.2011 Vendor response: 10.08.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1630293 Author: Dmitriy Chastuchin ERPScan...
SAP NetWeaver Internet Sales-Multiple XSS - 2
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1584030 Author: Dmitriy Chastuchin ERPScan Description SAP NetWeaver Internet...
SAP Netweaver - XML Entity Expansion DOS
Application: SAP NetWeaver Vendor URL: Bugs: DOS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver – XML Entity Expansion It...
SAP Internet Sales - XSS
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 08.04.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1583300 Description SAP NetWeaver 7.0 Internet Sales crm.b2b has XSS vulnerability. Business Risk An attacker...
SAP NetWeaver SPML - XML External Entity
Application: SAP NetWeaver JAVA Versions Affected: 6.40/7.02 maybe others Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 08.04.2011 Vendor response: 09.04.2011 Patched by SAP: 11.09.2012 Date of Public Advisory: 15.12.2012 Reference: SAP Security Note 1621534...
SAP NetWeaver servlet JavaDumpService - Multiple XSS
Application: SAP NetWeaver JavaDumpService Versions Affected: SAP NetWeaver JavaDumpService Vendor URL: Bugs: XSS Exploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:M/AU:N/C:N/I:P/A:N 4.3 Author:...
SAP NetWeaver servlet DataCollector - Multiple XSS
Application: SAP NetWeaver DataCollector Versions Affected: SAP NetWeaver DataCollector Vendor URL: Bugs: XSS Exploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:L/AU:S/C:C/I:N/A:N 6.8 Author: Dmitr...
SAP NetWeaver J2EE MeSync – information disclose
Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.sap.com Bugs: information disclosure Exploits: YES Reported: 29.07.2011 Vendor response: 30.07.2011 Date of Public Advisory: 11.11.2011 Author: Alexander Polyakov Description Attacker can get information about...
SAP NetWeaver Portal - Unauthorized access to OS
Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal Vendor URL: http://www.sap.com Bugs: Directory Traversal Exploits: YES Reported: 29.07.2011 Vendor response: 01.08.2011 Date of Public Advisory: 10.04.2012 Reference: SAP Security Note 1630293 Author: Alexey Sintsov ERPScan...
SAP NetWeaver streaming server servlet - information disclosure
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0 Vendor URL: http://www.sap.com Bugs: Information disclosure Exploits: YES Reported: 07.12.2011 Vendor response: 09.12.2011 Date of Public Advisory: 30.07.2012 Reference: SAP Security Note 1675605 Author: Dmitry Chastuchin ERPScan...
SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure
Application: SAP NetWeaver Solution Manager Versions Affected: SAP NetWeaver Solution Manager Vendor URL: http://www.sap.com Bugs: Missing Authorization Check & Information Disclosure Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note...
SAP NetWeaver PMI Agent Configuration - XML External Entity
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1721309 Author: Dmitry Chastukhin ERPScan Descriptio...
SAP Netweaver CCMS - XML External Entity
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...
SAP NetWeaver AdapterFramework - information disclosure
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 06.12.2011 Vendor response: 07.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1679897 Authors: Dmitry Chastukhin...