CVE-2015-3979
https://notcve.org/view.php?id=CVE-2015-3979
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. Vulnerabilidad no especificada en el Framework Business Rules (CRM-BF-BRF) en SAP CRM permite a atacantes ejecutar código arbitrario a través de vectores desconocidos, también conocido como la nota de seguridad de SAP 2097534. • http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition http://www.securityfocus.com/bid/74626 http://www.securitytracker.com/id/1032309 •
CVE-2014-8661
https://notcve.org/view.php?id=CVE-2014-8661
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. El módulo SAP CRM Internet Sales permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://service.sap.com/sap/support/notes/0002043404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-8669
https://notcve.org/view.php?id=CVE-2014-8669
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. El módulo SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) para SAP CRM permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://service.sap.com/sap/support/notes/0001835691 http://service.sap.com/sap/support/notes/0001872638 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-1962
https://notcve.org/view.php?id=CVE-2014-1962
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Gwsync en SAP CRM 7.02 EHP 2 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con un problema de XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56944 https://erpscan.io/advisories/erpscan-14-003-sap-crm-gwsync-xxe https://exchange.xforce.ibmcloud.com/vulnerabilities/91098 https://service.sap.com/sap/support/notes/1917054 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-7095
https://notcve.org/view.php?id=CVE-2013-7095
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. El analizador XML (crm_flex_data) en SAP Customer Relationship Management (CRM) 7.02 EHP tiene impacto desconocido y vectores de ataque relacionados problemas con la entidades externas XML (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56064 http://www.securityfocus.com/bid/64265 http://www.securitytracker.com/id/1029488 https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe https://exchange.xforce.ibmcloud.com/vulnerabilities/89703 https://service.sap.com/sap/support/notes/1909665 •