sap
1,568 tracked vulnerabilities.
CVE-2016-10079
HIGH
SAPlpd < 7400.3.11.33 - Denial of Service via Long String to TCP Port 515
Feb 01, 2017
CVSS 7.5
EPSS 0.14
CVE-2016-6859
MEDIUM
SAP Hybris - Information Disclosure via Java Stack Trace
Dec 31, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-6858
MEDIUM
SAP Hybris < 5.0.4.11 - Authenticated Cross-Site Scripting in Create Employee Name Field
Dec 31, 2016
CVSS 5.4
EPSS 0.00
CVE-2016-6857
MEDIUM
SAP Hybris < 5.2.0.13 - Authenticated Cross-Site Scripting in Create Catalogue ID Field
Dec 31, 2016
CVSS 5.4
EPSS 0.00
CVE-2016-6856
MEDIUM
SAP Hybris < 5.6.0.10 - Cross-Site Scripting via Inbox Search Itemsperpage Parameter
Dec 31, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-10005
HIGH
SAP Solution Manager 7.1-7.31 - Information Disclosure via Webdynpro Dispatcher
Dec 19, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-3685
MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-3684
MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-9563
MEDIUM
KEV
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection via BPEM UWL Connection Provider
Nov 23, 2016
CVSS 6.5
EPSS 0.59
CVE-2016-9562
HIGH
SAP NetWeaver AS JAVA 7.4 - Denial of Service via HTTPS Request to sap.com~P4TunnelingApp!web/myServlet
Nov 23, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-7437
LOW
SAP Netweaver 7.40 - Local Info Disclosure
Oct 13, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-4407
MEDIUM
SAP SAPCRYPTOLIB <5.555.38 - Privilege Escalation
Oct 13, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-3946
HIGH
SAP Console <7.30 - Info Disclosure
Oct 13, 2016
CVSS 7.8
EPSS 0.00
CVE-2016-3638
MEDIUM
SAP SLD Registration - Denial of Service via HOST Parameter
Oct 13, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-3635
HIGH
SAP NetWeaver 7.4 - Authenticated Unified Connectivity Access Control Bypass via Communication Assembly RFM
Oct 13, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-7435
CRITICAL
SAP NetWeaver 7.40 SP 12 - Authenticated Remote Code Execution via SCTC Subpackage CALL 'SYSTEM' Statement
Oct 05, 2016
CVSS 9.1
EPSS 0.01
CVE-2016-4551
HIGH
SAP NetWeaver 7.00 SP Level 0031 - IP Address Spoofing in Security Audit Log
Oct 05, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-6146
MEDIUM
SAP TREX 7.10 Revision 63 - Info Disclosure
Sep 27, 2016
CVSS 5.3
EPSS 0.00
CVE-2016-6137
CRITICAL
SAP TREX 7.10 Revision 63 - Remote Command Execution
Sep 27, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-6142
HIGH
SAP HANA DB <1.00.73.00.389160 - Code Injection
Sep 26, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-3639
MEDIUM
SAP HANA DB <1.00.091.00.1418659308 - Info Disclosure
Sep 26, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-5847
MEDIUM
SAP SAPCAR Archive Tool - Arbitrary File Permission Change via Hard Link Attack
Aug 13, 2016
CVSS 5.8
EPSS 0.00
CVE-2016-5845
MEDIUM
SAP SAPCAR - Denial of Service via Invalid File Name in Archive
Aug 13, 2016
CVSS 5.5
EPSS 0.02
CVE-2016-6150
CRITICAL
SAP HANA - Improper Access Control via Unencrypted Communications
Aug 05, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-6149
MEDIUM
SAP HANA SPS09 1.00.091.00.14186593 - Info Disclosure
Aug 05, 2016
CVSS 5.5
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11