Sap: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
CVSS Score
4.3
EPSS Score
0.226
Published
2005-11-16
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-07-26
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
CVSS Score
7.2
EPSS Score
0.003
Published
2004-04-15
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-04-15
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
CVSS Score
7.5
EPSS Score
0.013
Published
2004-04-15
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-04-15
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
CVSS Score
7.2
EPSS Score
0.0
Published
2004-04-15
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-04-15
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-04-15
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
CVSS Score
7.5
EPSS Score
0.031
Published
2004-04-15