sap

1,577 tracked vulnerabilities.

CVE-2018-2374 MEDIUM
SAP HANA Extended Application Services 1.0 - Info Disclosure
Feb 14, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-2373 HIGH
SAP HANA Extended Application Services 1.0 - Unauthenticated SQL Injection via Controller API Endpoint
Feb 14, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-2372 MEDIUM
SAP HANA Extended Application Services 1.0 - Sensitive Information Disclosure in Log File
Feb 14, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-2371 MEDIUM
SAP NetWeaver AS Java Web Application 7.50 - Cross-Site Scripting in SAML 2.0 Service Provider
Feb 14, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2370 MEDIUM
SAP BI Launchpad 4.10, 4.20, 4.30 - Server-Side Request Forgery
Feb 14, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-2369 MEDIUM
SAP HANA 1.00, 2.00 - Unauthenticated Information Disclosure via SQL Interface
Feb 14, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-2364 MEDIUM
SAP CRM WebClient UI 7.01-8.01 and S4FND 1.02 - Cross-Site Scripting via Hidden Fields
Feb 14, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2363 HIGH
SAP NetWeaver 7.00-7.02, 7.10-7.11, 7.30-7.31, 7.40, 7.50-7.52 - Unauthenticated Remote Code Execution
Jan 09, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-2362 MEDIUM
SAP HANA 1.00 and 2.00 - Unauthenticated Information Disclosure via SOAP Request
Jan 09, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-2361 HIGH
SAP Solution Manager 7.20 - Incorrect Authorization in SAP_BPO_CONFIG Role
Jan 09, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2360 HIGH
SAP KERNEL 7.45, 7.49, 7.52 - Missing Authentication for Critical Function
Jan 09, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-16349 HIGH
SAP Business Planning and Consolidation - XML External Entity Injection in Reporting Functionality
Aug 02, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-16691 MEDIUM
SAP BASIS -7.02,-7.11,-7.30,-7.31,-7.40,-7.52 - Code Injection
Dec 12, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-16690 HIGH
SAP Plant Connectivity 2.3,15.0 - DLL Preload
Dec 12, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-16689 HIGH
SAP Kernel 7.21-7.22, 7.21EXT, 7.22EXT, 7.45, 7.49 - Improper Authentication in Trusted RFC Connection
Dec 12, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-16687 MEDIUM
SAP HANA Database 1.00, 2.00 - Unauthenticated User Enumeration via Error Messages
Dec 12, 2017
CVSS 5.3
EPSS 0.01
CVE-2017-16685 MEDIUM
SAP Business Warehouse Universal Data Integration <7.50 - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16684 CRITICAL
SAP Business Intelligence <4.30 - Auth Bypass
Dec 12, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-16683 MEDIUM
SAP Business Objects Platform - DoS
Dec 12, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-16682 HIGH
SAP NetWeaver ITS/Basis - Code Injection
Dec 12, 2017
CVSS 7.2
EPSS 0.02
CVE-2017-16681 MEDIUM
SAP Business Intelligence Promotion Management - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16680 HIGH
SAP HANA extended application services - Audit Log Injection
Dec 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-16679 MEDIUM
SAP Startup Service - Open Redirect
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16678 MEDIUM
SAP NetWeaver KMC 7.00-7.02, KMC-BC 7.30-7.50 Server-Side Request Forgery
Dec 12, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-14516 MEDIUM
SAP Business Objects Financial Consolidation <2017-06-13 - XSS
Dec 03, 2017
CVSS 6.1
EPSS 0.01