Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVSS Score
9.8
EPSS Score
0.203
Published
2016-08-05
CVE-2016-3640
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-08-05
CVE-2010-5326
Known exploited
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
CVSS Score
10.0
EPSS Score
0.264
Published
2016-05-13
CVE-2016-4017
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-04-14
CVE-2016-4018
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
CVSS Score
7.3
EPSS Score
0.004
Published
2016-04-14
CVE-2016-4016
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
CVSS Score
6.1
EPSS Score
0.005
Published
2016-04-14
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
CVSS Score
7.5
EPSS Score
0.03
Published
2016-04-14
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
CVSS Score
8.6
EPSS Score
0.069
Published
2016-04-14
CVE-2016-3980
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
CVSS Score
7.5
EPSS Score
0.033
Published
2016-04-08
CVE-2016-3979
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
CVSS Score
7.5
EPSS Score
0.037
Published
2016-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved