SAP: Security Vulnerabilities
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVSS Score: 3.5 | EPSS Score: 0.004 | Published: 2014-10-16
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
CVSS Score: 3.5 | EPSS Score: 0.005 | Published: 2014-10-16
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
CVSS Score: 6.5 | EPSS Score: 0.022 | Published: 2014-09-05
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
CVSS Score: 6.8 | EPSS Score: 0.065 | Published: 2014-09-04
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file.
CVSS Score: 6.8 | EPSS Score: 0.021 | Published: 2014-09-04
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form-based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
CVSS Score: 2.9 | EPSS Score: 0.004 | Published: 2014-07-31
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2014-07-31
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2014-07-31
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score: 3.5 | EPSS Score: 0.004 | Published: 2014-07-31
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2014-07-31