Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2015-5068
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
CVSS Score
7.5
EPSS Score
0.01
Published
2015-06-24
CVE-2015-5067
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
CVSS Score
7.5
EPSS Score
0.016
Published
2015-06-24
CVE-2015-4161
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
CVSS Score
7.5
EPSS Score
0.005
Published
2015-06-02
CVE-2015-4160
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
CVSS Score
7.5
EPSS Score
0.003
Published
2015-06-02
CVE-2015-4159
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
CVSS Score
7.5
EPSS Score
0.003
Published
2015-06-02
CVE-2015-4158
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-06-02
CVE-2015-4157
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-06-02
CVE-2015-2282
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-06-02
CVE-2015-2278
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
CVSS Score
5.0
EPSS Score
0.007
Published
2015-06-02
CVE-2015-3995
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.
CVSS Score
4.0
EPSS Score
0.003
Published
2015-05-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved