CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SAP : Security Vulnerabilities (CVSS score between 2 and 2.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-0381 552 2019-10-08 2019-10-15
2.1
 None Local Low Not required Partial None None
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
2 CVE-2019-0353 200 +Info 2019-09-10 2019-09-10
2.1
 None Local Low Not required Partial None None
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
3 CVE-2019-0307 255 +Priv 2019-06-12 2019-06-12
2.7
 None Local Network Low Single system Partial None None
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.
4 CVE-2019-0291 200 +Info 2019-05-14 2019-05-15
2.1
 None Local Low Not required Partial None None
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
5 CVE-2018-2440 532 2018-07-10 2018-09-06
2.1
 None Local Low Not required Partial None None
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.
6 CVE-2018-2425 200 +Info 2018-06-12 2019-10-09
2.1
 None Local Low Not required Partial None None
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
7 CVE-2016-7437 2016-10-13 2016-10-13
2.1
 None Local Low Not required None Partial None
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
8 CVE-2016-6149 200 +Info 2016-08-05 2016-11-28
2.1
 None Local Low Not required Partial None None
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
9 CVE-2016-5845 DoS 2016-08-12 2018-10-09
2.1
 None Local Low Not required None None Partial
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
10 CVE-2016-3640 200 +Info 2016-08-05 2016-08-11
2.1
 None Local Low Not required Partial None None
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
11 CVE-2016-3638 119 DoS Overflow Mem. Corr. 2016-10-13 2016-10-14
2.1
 None Local Low Not required None None Partial
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
12 CVE-2015-3978 200 +Info 2015-05-12 2018-12-10
2.1
 None Local Low Not required Partial None None
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.
13 CVE-2014-5171 310 +Info 2014-07-31 2018-10-09
2.9
 None Local Network Medium Not required Partial None None
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.