Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2015-3994
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.
CVSS Score
4.0
EPSS Score
0.003
Published
2015-05-29
CVE-2015-4092
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.
CVSS Score
7.5
EPSS Score
0.021
Published
2015-05-26
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
CVSS Score
7.5
EPSS Score
0.01
Published
2015-05-26
CVE-2015-3981
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-05-12
CVE-2015-3980
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
CVSS Score
7.5
EPSS Score
0.002
Published
2015-05-12
CVE-2015-3979
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-05-12
CVE-2015-3978
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-05-12
CVE-2015-2820
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.
CVSS Score
5.0
EPSS Score
0.039
Published
2015-04-01
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
CVSS Score
5.0
EPSS Score
0.033
Published
2015-04-01
CVE-2015-2818
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved