| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3063 |
|
|
Exec Code |
2013-05-01 |
2013-05-01 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. |
|
2 |
CVE-2013-3062 |
264 |
|
Bypass |
2013-05-01 |
2013-05-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. |
|
3 |
CVE-2013-3061 |
264 |
|
Bypass |
2013-05-01 |
2013-05-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. |
|
4 |
CVE-2012-4341 |
119 |
|
DoS Exec Code Overflow |
2012-08-15 |
2012-08-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. |
|
5 |
CVE-2012-2612 |
119 |
|
DoS Overflow |
2012-05-15 |
2012-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
6 |
CVE-2012-2611 |
20 |
|
Exec Code |
2012-05-15 |
2012-08-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. |
|
7 |
CVE-2012-2514 |
119 |
|
DoS Overflow |
2012-05-15 |
2012-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
8 |
CVE-2012-2513 |
119 |
|
DoS Overflow |
2012-05-15 |
2012-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
9 |
CVE-2012-2512 |
119 |
|
DoS Overflow |
2012-05-15 |
2012-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
10 |
CVE-2012-2511 |
119 |
|
DoS Overflow |
2012-05-15 |
2012-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |
|
11 |
CVE-2012-1292 |
|
|
+Info |
2012-02-23 |
2012-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. |
|
12 |
CVE-2012-1291 |
|
|
+Info |
2012-02-23 |
2012-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. |
|
13 |
CVE-2012-1290 |
79 |
|
XSS |
2012-02-23 |
2012-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. |
|
14 |
CVE-2012-1289 |
22 |
|
Dir. Trav. |
2012-02-23 |
2012-02-24 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. |
|
15 |
CVE-2011-5263 |
79 |
|
XSS |
2013-02-12 |
2013-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. |
|
16 |
CVE-2011-5260 |
79 |
|
XSS |
2013-02-12 |
2013-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
|
17 |
CVE-2011-5154 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. |
|
18 |
CVE-2011-4805 |
79 |
|
XSS |
2011-12-13 |
2012-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. |
|
19 |
CVE-2011-4707 |
79 |
|
XSS |
2011-12-08 |
2011-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. |
|
20 |
CVE-2010-4556 |
119 |
|
Exec Code Overflow |
2010-12-17 |
2010-12-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. |
|
21 |
CVE-2010-3983 |
264 |
|
+Priv |
2010-10-18 |
2010-11-03 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. |
|
22 |
CVE-2010-3982 |
200 |
|
+Info |
2010-10-18 |
2010-11-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. |
|
23 |
CVE-2010-3981 |
79 |
|
XSS |
2010-10-18 |
2010-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. |
|
24 |
CVE-2010-3980 |
|
|
DoS |
2010-10-18 |
2010-10-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. |
|
25 |
CVE-2010-3979 |
200 |
|
+Info |
2010-10-18 |
2010-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. |
|
26 |
CVE-2010-3032 |
189 |
|
DoS Exec Code Overflow |
2010-08-17 |
2010-08-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. |
|
27 |
CVE-2010-2904 |
79 |
1
|
XSS |
2010-07-28 |
2010-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. |
|
28 |
CVE-2010-2590 |
119 |
1
|
Exec Code Overflow |
2010-12-21 |
2011-01-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. |
|
29 |
CVE-2010-2347 |
264 |
|
Bypass |
2010-06-21 |
2010-06-22 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. |
|
30 |
CVE-2010-1609 |
79 |
|
XSS |
2010-04-29 |
2010-04-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
31 |
CVE-2010-1185 |
119 |
|
Exec Code Overflow |
2010-03-29 |
2010-03-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. |
|
32 |
CVE-2010-0219 |
255 |
1
|
Exec Code |
2010-10-18 |
2013-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. |
|
33 |
CVE-2009-4988 |
119 |
|
Exec Code Overflow |
2010-08-25 |
2010-08-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. |
|
34 |
CVE-2009-4603 |
|
|
DoS |
2010-01-12 |
2010-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. |
|
35 |
CVE-2009-3346 |
|
|
Exec Code |
2009-09-24 |
2009-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
36 |
CVE-2009-3345 |
119 |
|
Overflow |
2009-09-24 |
2011-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
37 |
CVE-2009-3344 |
|
|
DoS |
2009-09-24 |
2009-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
38 |
CVE-2009-2932 |
79 |
|
XSS |
2009-08-21 |
2009-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. |
|
39 |
CVE-2008-4830 |
|
|
|
2009-04-16 |
2009-04-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. |
|
40 |
CVE-2008-4827 |
119 |
|
Exec Code Overflow |
2009-01-08 |
2009-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions. |
|
41 |
CVE-2008-4387 |
94 |
|
Exec Code |
2008-11-10 |
2009-07-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. |
|
42 |
CVE-2008-3358 |
79 |
|
XSS |
2009-01-28 |
2009-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. |
|
43 |
CVE-2008-2421 |
79 |
|
XSS |
2008-05-23 |
2008-11-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. |
|
44 |
CVE-2008-2123 |
79 |
|
XSS |
2008-05-09 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. |
|
45 |
CVE-2008-1846 |
79 |
|
XSS |
2008-04-16 |
2009-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. |
|
46 |
CVE-2008-1810 |
264 |
|
+Priv |
2008-08-01 |
2008-09-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. |
|
47 |
CVE-2008-0621 |
119 |
1
|
Exec Code Overflow |
2008-02-06 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. |
|
48 |
CVE-2008-0620 |
119 |
|
DoS Overflow |
2008-02-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. |
|
49 |
CVE-2008-0307 |
189 |
|
Exec Code |
2008-03-11 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. |
|
50 |
CVE-2008-0306 |
|
|
Exec Code |
2008-03-11 |
2008-09-05 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. |
