Sap (sap)

1,576 CVEs • 429 products

Products (429)

Netweaver (netweaver)
Hana (hana)
Business One (business_one)
Sap Basis (sap_basis)
S/4hana (s/4hana)
Host Agent (host_agent)
Enable Now (enable_now)
S4core (s4core)
Sap Db (sap_db)
Abap Platform (abap_platform)
Sap Kernel (sap_kernel)
Commerce (commerce)
Rfc Library (rfc_library)
Maxdb (maxdb)
Sql Anywhere (sql_anywhere)
Trex (trex)
Hybris (hybris)
Hana Database (hana_database)
Afaria (afaria)
Sapscore (sapscore)
S/4 Hana (s/4_hana)
Sapgui (sapgui)
Erp (erp)
Basis (basis)
Fiori Client (fiori_client)
Sap R 3 (sap_r_3)
S4fnd (s4fnd)
Bw/4hana (bw/4hana)
Powerdesigner (powerdesigner)
Enjoysap (enjoysap)
Saplpd (saplpd)
J2ee Engine (j2ee_engine)
Ui (ui)
Fiori (fiori)
Focused Run (focused_run)
Sapsprint (sapsprint)

CVEs (1,576)

CVE, VENDORS, PRODUCTS, UPDATED, PUBLISHED, CVSS

Vendors: Sap
Products: Businessobjects Mobile
Updated: Nov 21, 2024
Published: Mar 10, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service.

Vendors: Sap
Products: Enable Now
Updated: Nov 21, 2024
Published: Mar 10, 2020
CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2)
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

Vendors: Sap
Products: Netweaver Application Server
Updated: Nov 21, 2024
Published: Mar 9, 2020
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

Vendors: Sap
Products: Netweaver Knowledge Management
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.

Vendors: Sap
Products: Landscape Management
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 7.2 HIGH (v3), 9.0 HIGH (v2)
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

Vendors: Sap
Products: Landscape Management
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 7.2 HIGH (v3), 9.0 HIGH (v2)
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.

Vendors: Sap
Products: Netweaver Application Server Java
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 5.8 MEDIUM (v3), 5.0 MEDIUM (v2)
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.

Vendors: Sap
Products: Businessobjects Business Intelligence Platform
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.

Vendors: Sap
Products: Erp, S/4 Hana
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Vendors: Sap
Products: Netweaver Guided Procedures
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 4.9 MEDIUM (v3), 4.0 MEDIUM (v2)
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.

Vendors: Sap
Products: Host Agent
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.

Vendors: Sap
Products: Netweaver, S/4hana
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

Vendors: Sap
Products: Netweaver, S/4hana
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Vendors: Sap
Products: Host Agent
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 6.5 MEDIUM (v3), 6.4 MEDIUM (v2)
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

Vendors: Sap
Products: Abap Platform, Netweaver
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 5.8 MEDIUM (v3), 5.0 MEDIUM (v2)
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Vendors: Sap
Products: Mobile Platform
Updated: Nov 21, 2024
Published: Feb 12, 2020
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.

Vendors: Sap
Products: Netweaver
Updated: Nov 21, 2024
Published: Feb 5, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

Vendors: Sap
Products: Netweaver
Updated: Nov 21, 2024
Published: Jan 23, 2020
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

Vendors: Sap
Products: Netweaver
Updated: Nov 21, 2024
Published: Jan 23, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.

Vendors: Sap
Products: Basis
Updated: Nov 21, 2024
Published: Jan 14, 2020
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.