sap

1,577 tracked vulnerabilities.

CVE-2017-6061 MEDIUM
SAP BusinessObjects Financial Consolidation 10.0.0.1933 - Cross-Site Scripting in Help Component
Mar 16, 2017
CVSS 4.7
EPSS 0.02
CVE-2017-5997 HIGH
SAP KERNEL 7.21-7.49 - Denial of Service via Crafted Group Parameter in Message Server HTTP Daemon
Feb 15, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5372 HIGH
SAP NetWeaver AS Java - Unauthenticated Sensitive Information Exposure via MSPRuntimeInterface Functions
Jan 23, 2017
CVSS 7.5
EPSS 0.04
CVE-2016-6256 CRITICAL
SAP Business One for Android <1.2.3 - XSS
May 26, 2017
CVSS 9.6
EPSS 0.08
CVE-2016-6818 CRITICAL
SAP Business Intelligence Platform - SQL Injection
Apr 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-6143 CRITICAL
SAP HANA DB <1.00.73.00.389160 - RCE
Apr 13, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-10311 CRITICAL
SAP NetWeaver 7.0-7.5 - Denial of Service via SAPSTARTSRV Port Crafted Packet
Apr 10, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-10310 MEDIUM
SAP SQL Anywhere < 17.0 - Authenticated Denial of Service via MobiLink Synchronization Server Packet
Apr 10, 2017
CVSS 4.9
EPSS 0.02
CVE-2016-10304 MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated Denial of Service via Deserialization in EP-RUNTIME Component
Apr 10, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-10079 HIGH
SAPlpd < 7400.3.11.33 - Denial of Service via Long String to TCP Port 515
Feb 01, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-6859 MEDIUM
SAP Hybris - Information Disclosure via Java Stack Trace
Dec 31, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-6858 MEDIUM
SAP Hybris < 5.0.4.11 - Authenticated Cross-Site Scripting in Create Employee Name Field
Dec 31, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-6857 MEDIUM
SAP Hybris < 5.2.0.13 - Authenticated Cross-Site Scripting in Create Catalogue ID Field
Dec 31, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-6856 MEDIUM
SAP Hybris < 5.6.0.10 - Cross-Site Scripting via Inbox Search Itemsperpage Parameter
Dec 31, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-10005 HIGH
SAP Solution Manager 7.1-7.31 - Information Disclosure via Webdynpro Dispatcher
Dec 19, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-3685 MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-3684 MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-9563 MEDIUM KEV
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection via BPEM UWL Connection Provider
Nov 23, 2016
CVSS 6.5
EPSS 0.24
CVE-2016-9562 HIGH
SAP NetWeaver AS JAVA 7.4 - Denial of Service via HTTPS Request to sap.com~P4TunnelingApp!web/myServlet
Nov 23, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-7437 LOW
SAP Netweaver 7.40 - Local Info Disclosure
Oct 13, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-4407 MEDIUM
SAP SAPCRYPTOLIB <5.555.38 - Privilege Escalation
Oct 13, 2016
CVSS 6.5
EPSS 0.01
CVE-2016-3946 HIGH
SAP Console <7.30 - Info Disclosure
Oct 13, 2016
CVSS 7.8
EPSS 0.00
CVE-2016-3638 MEDIUM
SAP SLD Registration - Denial of Service via HOST Parameter
Oct 13, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-3635 HIGH
SAP NetWeaver 7.4 - Authenticated Unified Connectivity Access Control Bypass via Communication Assembly RFM
Oct 13, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-7435 CRITICAL
SAP NetWeaver 7.40 SP 12 - Authenticated Remote Code Execution via SCTC Subpackage CALL 'SYSTEM' Statement
Oct 05, 2016
CVSS 9.1
EPSS 0.03