CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3980
https://notcve.org/view.php?id=CVE-2015-3980
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. Vulnerabilidad de inyección SQL en el Framework Business Rules (CRM-BF-BRF) en SAP CRM permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocida como la nota de seguridad de SAP 2097534. • http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition http://www.securityfocus.com/bid/74624 http://www.securitytracker.com/id/1032309 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8661
https://notcve.org/view.php?id=CVE-2014-8661
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. El módulo SAP CRM Internet Sales permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://service.sap.com/sap/support/notes/0002043404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2014-8669
https://notcve.org/view.php?id=CVE-2014-8669
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. El módulo SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) para SAP CRM permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://service.sap.com/sap/support/notes/0001835691 http://service.sap.com/sap/support/notes/0001872638 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1962
https://notcve.org/view.php?id=CVE-2014-1962
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Gwsync en SAP CRM 7.02 EHP 2 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con un problema de XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56944 https://erpscan.io/advisories/erpscan-14-003-sap-crm-gwsync-xxe https://exchange.xforce.ibmcloud.com/vulnerabilities/91098 https://service.sap.com/sap/support/notes/1917054 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7095
https://notcve.org/view.php?id=CVE-2013-7095
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. El analizador XML (crm_flex_data) en SAP Customer Relationship Management (CRM) 7.02 EHP tiene impacto desconocido y vectores de ataque relacionados problemas con la entidades externas XML (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56064 http://www.securityfocus.com/bid/64265 http://www.securitytracker.com/id/1029488 https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe https://exchange.xforce.ibmcloud.com/vulnerabilities/89703 https://service.sap.com/sap/support/notes/1909665 •