Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-04-01
CVE-2015-2816
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-04-01
CVE-2015-2815
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
CVSS Score
6.5
EPSS Score
0.035
Published
2015-04-01
CVE-2015-2814
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
CVSS Score
6.4
EPSS Score
0.005
Published
2015-04-01
CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVSS Score
5.0
EPSS Score
0.006
Published
2015-04-01
CVE-2015-2813
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-04-01
CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
CVSS Score
5.0
EPSS Score
0.007
Published
2015-04-01
CVE-2015-2107
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.
CVSS Score
6.8
EPSS Score
0.0
Published
2015-03-14
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-02-27
CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
CVSS Score
5.0
EPSS Score
0.012
Published
2015-02-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved