Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
Max CVSS
6.2
EPSS Score
0.04%
Published
2003-05-27
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
Max CVSS
6.8
EPSS Score
94.51%
Published
2003-10-20
Updated
2008-09-05
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.
Max CVSS
6.4
EPSS Score
0.72%
Published
2006-02-16
Updated
2018-10-19
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Max CVSS
6.4
EPSS Score
1.44%
Published
2006-03-07
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
Max CVSS
6.8
EPSS Score
2.86%
Published
2006-10-03
Updated
2018-10-17
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-03-11
Updated
2017-08-08
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.06%
Published
2012-09-06
Updated
2021-01-15
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-05-01
Updated
2023-09-26
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.27%
Published
2013-05-01
Updated
2014-03-07
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Max CVSS
6.0
EPSS Score
0.20%
Published
2013-05-01
Updated
2013-11-19
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
Max CVSS
6.0
EPSS Score
0.53%
Published
2013-10-24
Updated
2013-10-25
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
Max CVSS
6.8
EPSS Score
3.41%
Published
2013-11-20
Updated
2018-12-10
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS
6.4
EPSS Score
0.70%
Published
2013-11-20
Updated
2018-12-10
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS
6.4
EPSS Score
0.94%
Published
2013-11-20
Updated
2018-12-10
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
Max CVSS
6.0
EPSS Score
0.65%
Published
2014-07-31
Updated
2018-10-09
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
Max CVSS
6.8
EPSS Score
50.94%
Published
2014-09-04
Updated
2017-09-08
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
Max CVSS
6.8
EPSS Score
30.23%
Published
2014-09-04
Updated
2017-01-07
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
Max CVSS
6.5
EPSS Score
1.33%
Published
2014-09-05
Updated
2018-12-10
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
Max CVSS
6.0
EPSS Score
0.74%
Published
2014-10-16
Updated
2018-10-09
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
Max CVSS
6.5
EPSS Score
0.92%
Published
2015-01-15
Updated
2018-12-10
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
Max CVSS
6.5
EPSS Score
0.92%
Published
2015-01-15
Updated
2018-12-10
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
Max CVSS
6.4
EPSS Score
0.35%
Published
2015-04-01
Updated
2018-12-10
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
Max CVSS
6.5
EPSS Score
1.33%
Published
2015-04-01
Updated
2018-12-10
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
Max CVSS
6.8
EPSS Score
0.66%
Published
2015-08-24
Updated
2018-12-10
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
Max CVSS
6.8
EPSS Score
0.66%
Published
2015-08-24
Updated
2018-12-10
306 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!