Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2015-7992
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
CVSS Score
4.0
EPSS Score
0.004
Published
2015-11-10
CVE-2015-7991
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.
CVSS Score
5.0
EPSS Score
0.002
Published
2015-11-10
CVE-2015-7828
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
CVSS Score
10.0
EPSS Score
0.036
Published
2015-11-10
CVE-2015-8030
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.
CVSS Score
6.8
EPSS Score
0.031
Published
2015-10-30
CVE-2015-8029
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVSS Score
6.8
EPSS Score
0.03
Published
2015-10-30
CVE-2015-8028
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVSS Score
6.8
EPSS Score
0.124
Published
2015-10-30
CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
CVSS Score
7.5
EPSS Score
0.258
Published
2015-10-27
CVE-2015-7730
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
CVSS Score
10.0
EPSS Score
0.019
Published
2015-10-15
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
CVSS Score
6.5
EPSS Score
0.005
Published
2015-10-15
CVE-2015-7727
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
CVSS Score
6.5
EPSS Score
0.006
Published
2015-10-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved