Sap: Security Vulnerabilities
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.016
Published
2014-07-31
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-06-13
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-06-13
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2014-06-13
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2014-06-09
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2014-06-09
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09