Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2015-3979
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-05-12
CVE-2015-3978
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-05-12
CVE-2015-2820
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.
CVSS Score
5.0
EPSS Score
0.039
Published
2015-04-01
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
CVSS Score
5.0
EPSS Score
0.033
Published
2015-04-01
CVE-2015-2818
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-04-01
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-04-01
CVE-2015-2816
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-04-01
CVE-2015-2815
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
CVSS Score
6.5
EPSS Score
0.035
Published
2015-04-01
CVE-2015-2814
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
CVSS Score
6.4
EPSS Score
0.005
Published
2015-04-01
CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVSS Score
5.0
EPSS Score
0.006
Published
2015-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved