
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2015 — The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. The management console of SAP NW version 7.4 suffers from an information disclosure vulnerability. It is possible to get some information... • http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Mar 2015 — HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jan 2015 — XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. • http://secunia.com/advisories/62469

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. • http://secunia.com/advisories/62017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Nov 2014 — SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 3% • CPEs: 2 • EXPL: 1

04 Nov 2014 — Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition

CVSS: 7.5 • EPSS: 9% • CPEs: 2 • EXPL: 0

04 Nov 2014 — Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Nov 2014 — XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Nov 2014 — SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. • http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing • CWE-310: Cryptographic Issues

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Oct 2014 — Business Warehouse (BW) in SAP NetWeaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. • http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html