CVEdetails.com the ultimate security vulnerability data source

SAP : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2017-16691 20 2017-12-12 2018-01-04
5.8
None Remote Medium Not required None Partial Partial
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note files of type 'SAR'. The digital signature verification is done together with the extraction of the note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using the SAPCAR tool; during extraction, digital signature verification fails but the tampered file is still extracted.
2 CVE-2017-16690 426 Exec Code 2017-12-12 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
A malicious DLL preload attack is possible on NwSapSetup and the Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system DLLs are only loaded from the system folders. If a DLL with the same name as the system DLL is located in the same folder as the executable, this DLL is loaded and its code is executed.
3 CVE-2017-16689 287 2017-12-12 2018-01-04
6.5
None Remote Low Single system Partial Partial Partial
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
4 CVE-2017-16687 200 +Info 2017-12-12 2018-01-02
5.0
None Remote Low Not required Partial None None
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
5 CVE-2017-16685 79 XSS 2017-12-12 2017-12-21
4.3
None Remote Medium Not required None Partial None
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
6 CVE-2017-16684 287 2017-12-12 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
7 CVE-2017-16683 DoS 2017-12-12 2017-12-21
4.0
None Remote Low Single system None None Partial
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
8 CVE-2017-16682 94 Exec Code 2017-12-12 2017-12-22
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
9 CVE-2017-16681 79 XSS 2017-12-12 2017-12-21
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
10 CVE-2017-16680 74 2017-12-12 2018-01-04
5.0
None Remote Low Not required None Partial None
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
11 CVE-2017-16679 601 2017-12-12 2018-01-04
5.8
None Remote Medium Not required Partial Partial None
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
12 CVE-2017-16678 918 2017-12-12 2018-01-02
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
13 CVE-2017-15297 287 2017-10-16 2017-11-01
5.0
None Remote Low Not required None None Partial
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
14 CVE-2017-15296 352 CSRF 2017-10-16 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
15 CVE-2017-15295 264 2017-10-16 2017-11-01
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
16 CVE-2017-15294 79 XSS 2017-10-16 2017-10-27
4.3
None Remote Medium Not required None Partial None
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
17 CVE-2017-15293 264 2017-10-16 2017-11-07
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
18 CVE-2017-14581 400 DoS 2017-09-19 2017-10-03
5.0
None Remote Low Not required None None Partial
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
19 CVE-2017-14516 79 XSS 2017-12-03 2017-12-19
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
20 CVE-2017-14511 20 Bypass 2017-09-17 2017-09-28
5.0
None Remote Low Not required None None Partial
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.
21 CVE-2017-12637 22 Dir. Trav. 2017-08-07 2017-08-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
22 CVE-2017-11460 79 XSS 2017-07-25 2017-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
23 CVE-2017-11459 94 Exec Code 2017-07-25 2017-07-31
7.5
None Remote Low Not required Partial Partial Partial
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
24 CVE-2017-11458 79 XSS 2017-07-25 2017-08-26
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
25 CVE-2017-11457 611 2017-07-25 2017-08-26
4.0
None Remote Low Single system Partial None None
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
26 CVE-2017-10701 79 XSS 2017-09-28 2017-10-06
4.3
None Remote Medium Not required None Partial None
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
27 CVE-2017-9845 400 DoS 2017-07-12 2017-07-21
7.8
None Remote Low Not required None None Complete
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
28 CVE-2017-9844 502 DoS Exec Code 2017-07-12 2017-07-21
7.5
None Remote Low Not required Partial Partial Partial
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
29 CVE-2017-9843 264 DoS 2017-07-12 2017-07-20
4.0
None Remote Low Single system None None Partial
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
30 CVE-2017-9613 79 XSS 2017-06-15 2017-09-15
3.5
None Remote Medium Single system None Partial None
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
31 CVE-2017-8915 20 DoS 2017-05-23 2017-06-08
5.0
None Remote Low Not required None None Partial
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
32 CVE-2017-8914 284 2017-05-23 2017-06-08
7.5
None Remote Low Not required Partial Partial Partial
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
33 CVE-2017-8913 611 2017-05-23 2017-06-01
6.5
None Remote Low Single system Partial Partial Partial
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
34 CVE-2017-8852 119 Overflow 2017-05-10 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
35 CVE-2017-7717 89 Exec Code Sql 2017-04-14 2017-08-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
36 CVE-2017-7696 399 DoS 2017-04-14 2017-04-25
5.0
None Remote Low Not required None None Partial
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
37 CVE-2017-7691 94 2017-04-11 2017-04-17
7.5
None Remote Low Not required Partial Partial Partial
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
38 CVE-2017-6950 284 Exec Code Bypass 2017-03-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616.
39 CVE-2017-6061 79 XSS 2017-03-16 2017-03-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.
40 CVE-2017-5997 399 DoS 2017-02-15 2017-02-23
5.0
None Remote Low Not required None None Partial
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
41 CVE-2017-5372 200 +Info 2017-01-23 2017-01-25
5.0
None Remote Low Not required Partial None None
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.
42 CVE-2016-10311 119 DoS Overflow 2017-04-10 2017-04-18
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
43 CVE-2016-10310 119 DoS Overflow 2017-04-10 2017-04-14
4.0
None Remote Low Single system None None Partial
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.
44 CVE-2016-10304 502 DoS 2017-04-10 2017-04-14
4.0
None Remote Low Single system None None Partial
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
45 CVE-2016-10079 20 DoS 2017-02-01 2017-02-27
5.0
None Remote Low Not required None None Partial
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
46 CVE-2016-10005 200 +Info 2016-12-19 2016-12-30
5.0
None Remote Low Not required Partial None None
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.
47 CVE-2016-9563 284 2016-11-22 2016-11-29
6.0
None Remote Medium Single system Partial Partial Partial
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
48 CVE-2016-9562 476 DoS 2016-11-22 2017-01-12
5.0
None Remote Low Not required None None Partial
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
49 CVE-2016-7437 2016-10-13 2016-10-13
2.1
None Local Low Not required None Partial None
SAP NetWeaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
50 CVE-2016-7435 264 Exec Code 2016-10-05 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP NetWeaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
Total number of vulnerabilities: 376 (page 1 of 8)