Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2016-6147
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
CVSS Score
9.8
EPSS Score
0.106
Published
2016-08-05
CVE-2016-6145
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.
CVSS Score
5.3
EPSS Score
0.004
Published
2016-08-05
CVE-2016-6144
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
CVSS Score
8.1
EPSS Score
0.009
Published
2016-08-05
CVE-2016-6140
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.
CVSS Score
9.8
EPSS Score
0.098
Published
2016-08-05
CVE-2016-6139
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVSS Score
9.8
EPSS Score
0.05
Published
2016-08-05
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVSS Score
9.8
EPSS Score
0.157
Published
2016-08-05
CVE-2016-3640
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-08-05
CVE-2010-5326
Known exploited
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
CVSS Score
10.0
EPSS Score
0.132
Published
2016-05-13
CVE-2016-4017
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-04-14
CVE-2016-4018
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
CVSS Score
7.3
EPSS Score
0.004
Published
2016-04-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved