sap

1,577 tracked vulnerabilities.

CVE-2017-15297 HIGH
SAP Host Agent - Unauthenticated Improper Authentication via SOAP SAPControl Endpoint
Oct 16, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-15296 HIGH
SAP Customer Relationship Management - Cross-Site Request Forgery
Oct 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-15295 CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Arbitrary File Access
Oct 16, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-15294 MEDIUM
SAP Customer Relationship Management - Cross-Site Scripting in Java Administration Console
Oct 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-15293 CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Improper Authentication
Oct 16, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-10701 MEDIUM
SAP Enterprise Portal < 7.50 - Cross-Site Scripting
Sep 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-14581 HIGH
SAP NetWeaver AS Java 7.0-7.5 - Denial of Service via Host Control Web Service
Sep 19, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-14511 HIGH
SAP E-Recruiting <617 - Auth Bypass
Sep 17, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-12637 HIGH KEVNUCLEI
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Aug 07, 2017
CVSS 7.5
EPSS 0.95
CVE-2017-11460 MEDIUM
SAP NetWeaver Portal 7.4 - Cross-Site Scripting via DataArchivingService Servlet Responsecode Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-11459 CRITICAL
SAP TREX 7.10 - Remote Code Execution via fdir Command
Jul 25, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-11458 MEDIUM
SAP NetWeaver AS JAVA 7.3 - Cross-Site Scripting via ctcprotocol/Protocol Servlet sessionID Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-11457 MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in com.sap.km.cm.ice
Jul 25, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-9845 HIGH
SAP NetWeaver 7.40 - Denial of Service via DIAG Request
Jul 12, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-9844 HIGH
SAP NetWeaver 7400.12.21.30308 - RCE/DoS
Jul 12, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-9843 LOW
SAP NetWeaver AS ABAP 7.40 - Authenticated Denial of Service via disp+work.exe
Jul 12, 2017
CVSS 2.7
EPSS 0.02
CVE-2017-9613 MEDIUM
SAP SuccessFactors <b1705.1234962 - XSS
Jun 15, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-8915 HIGH
SAP HANA XS 1.00 and 2.00 - Denial of Service via Package Filename with Special Characters
May 23, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-8914 HIGH
SAP HANA XS - Arbitrary File Hosting via Insecure User Creation Policy
May 23, 2017
CVSS 8.3
EPSS 0.01
CVE-2017-8913 HIGH
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in Visual Composer VC70RUNTIME
May 23, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-8852 HIGH
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
May 10, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-7717 HIGH
SAP NetWeaver AS Java 7.4 - SQL Injection
Apr 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-7696 HIGH
SAP AS JAVA SSO Authentication Library <3.0 - DoS
Apr 14, 2017
CVSS 7.5
EPSS 0.36
CVE-2017-7691 CRITICAL
SAP TREX - Code Injection
Apr 11, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-6950 CRITICAL
SAP GUI for Windows 7.2-7.5 - Remote Code Execution via ABAP Code Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.04