|
|
SAP : Security Vulnerabilities (CVSS score between 2 and 2.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-2440 |
532 |
|
|
2018-07-10 |
2018-09-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. |
|
2 |
CVE-2018-2425 |
200 |
|
+Info |
2018-06-12 |
2018-08-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. |
|
3 |
CVE-2016-7437 |
|
|
|
2016-10-13 |
2016-10-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. |
|
4 |
CVE-2016-6149 |
200 |
|
+Info |
2016-08-05 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. |
|
5 |
CVE-2016-5845 |
|
|
DoS |
2016-08-12 |
2018-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. |
|
6 |
CVE-2016-3640 |
200 |
|
+Info |
2016-08-05 |
2016-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. |
|
7 |
CVE-2016-3638 |
119 |
|
DoS Overflow Mem. Corr. |
2016-10-13 |
2016-10-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. |
|
8 |
CVE-2015-3978 |
200 |
|
+Info |
2015-05-12 |
2017-01-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. |
|
9 |
CVE-2014-5171 |
310 |
|
+Info |
2014-07-31 |
2018-10-09 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. |
Total number of vulnerabilities : 9
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
