Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2014-9594
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
CVSS Score
6.5
EPSS Score
0.017
Published
2015-01-15
CVE-2014-9569
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-07
CVE-2014-9387
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
CVSS Score
10.0
EPSS Score
0.058
Published
2014-12-17
CVE-2014-9264
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
CVSS Score
7.5
EPSS Score
0.043
Published
2014-12-11
CVE-2013-3678
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
CVSS Score
9.0
EPSS Score
0.02
Published
2014-11-19
CVE-2014-8659
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.001
Published
2014-11-06
CVE-2014-8660
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.002
Published
2014-11-06
CVE-2014-8661
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.045
Published
2014-11-06
CVE-2014-8662
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
CVSS Score
7.8
EPSS Score
0.005
Published
2014-11-06
CVE-2014-8663
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-11-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved