Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-6869

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Nov, 2013 | 19:00
Updated At-06 Aug, 2024 | 17:53
Rejected At-
Credits

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Nov, 2013 | 19:00
Updated At:06 Aug, 2024 | 17:53
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1029352
vdb-entry
x_refsource_SECTRACK
https://service.sap.com/sap/support/notes/1783795
x_refsource_CONFIRM
https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
x_refsource_MISC
http://scn.sap.com/docs/DOC-8218
x_refsource_CONFIRM
http://secunia.com/advisories/55736
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id/1029352
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://service.sap.com/sap/support/notes/1783795
Resource:
x_refsource_CONFIRM
Hyperlink: https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
Resource:
x_refsource_MISC
Hyperlink: http://scn.sap.com/docs/DOC-8218
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/55736
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1029352
vdb-entry
x_refsource_SECTRACK
x_transferred
https://service.sap.com/sap/support/notes/1783795
x_refsource_CONFIRM
x_transferred
https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
x_refsource_MISC
x_transferred
http://scn.sap.com/docs/DOC-8218
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/55736
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id/1029352
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://service.sap.com/sap/support/notes/1783795
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://scn.sap.com/docs/DOC-8218
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/55736
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Nov, 2013 | 19:55
Updated At:29 Apr, 2026 | 01:13

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

SAP SE
sap
>>netweaver>>7.30
cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://scn.sap.com/docs/DOC-8218cve@mitre.org
N/A
http://secunia.com/advisories/55736cve@mitre.org
Vendor Advisory
http://www.securitytracker.com/id/1029352cve@mitre.org
N/A
https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/cve@mitre.org
N/A
https://service.sap.com/sap/support/notes/1783795cve@mitre.org
N/A
http://scn.sap.com/docs/DOC-8218af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/55736af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securitytracker.com/id/1029352af854a3a-2127-422b-91ae-364da2661108
N/A
https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/af854a3a-2127-422b-91ae-364da2661108
N/A
https://service.sap.com/sap/support/notes/1783795af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://scn.sap.com/docs/DOC-8218
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/55736
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1029352
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://service.sap.com/sap/support/notes/1783795
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://scn.sap.com/docs/DOC-8218
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/55736
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1029352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://service.sap.com/sap/support/notes/1783795
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7666Records found

CVE-2017-6950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.79% / 88.66%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.

Action-Not Available
Vendor-n/aSAP SE
Product-gui_for_windowsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2002-1577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.31%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_r_3n/a
CVE-2002-1578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.66% / 83.88%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_r_3n/a
CVE-2017-16684
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-2.50% / 82.76%
||
7 Day CHG~0.00%
Published-12 Dec, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.

Action-Not Available
Vendor-SAP SE
Product-business_intelligence_promotion_management_applicationSAP Business Intelligence Promotion Management Application
CWE ID-CWE-287
Improper Authentication
CVE-2017-9844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.51% / 91.84%
||
7 Day CHG~0.00%
Published-12 Jul, 2017 | 16:00
Updated-02 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-37535
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-1.21% / 64.77%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 11:21
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_javaSAP NetWeaver Application Server Java (JMS Connector Service)
CWE ID-CWE-862
Missing Authorization
CVE-2017-11459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.35% / 81.66%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

Action-Not Available
Vendor-n/aSAP SE
Product-trexn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-8914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-1.49% / 70.94%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.

Action-Not Available
Vendor-n/aSAP SE
Product-hana_xsn/a
CVE-2016-6143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.65% / 88.22%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-6150
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.88% / 85.14%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-4018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.96% / 57.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.25% / 92.70%
||
7 Day CHG~0.00%
Published-20 Jan, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.23% / 80.60%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7994
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.43% / 87.47%
||
7 Day CHG~0.00%
Published-10 Nov, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7993
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.72% / 88.44%
||
7 Day CHG~0.00%
Published-10 Nov, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.67%
||
7 Day CHG~0.00%
Published-17 Dec, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.

Action-Not Available
Vendor-n/aSAP SE
Product-mobile_platformn/a
CVE-2015-7986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.24% / 92.69%
||
7 Day CHG~0.00%
Published-27 Oct, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.43% / 95.72%
||
7 Day CHG~0.00%
Published-06 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2015-5067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 83.64%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2015-5068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.

Action-Not Available
Vendor-n/aSAP SE
Product-mobile_platformn/a
CVE-2015-4161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 69.92%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CVE-2015-4091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.93% / 85.41%
||
7 Day CHG+0.02%
Published-26 May, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_netweaver_application_server_javan/a
CVE-2015-4092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.65%
||
7 Day CHG+0.03%
Published-26 May, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2282
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.52% / 87.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_java_application_serverrfc_librarynetweaver_rfc_sdkguinetweaver_abap_application_servermaxdbn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.34%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-1312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.44%
||
7 Day CHG~0.00%
Published-22 Jan, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aSAP SE
Product-enterprise_resource_planningn/a
CVE-2014-8587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 66.61%
||
7 Day CHG~0.00%
Published-04 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-commoncryptolibsapseculibhanasapcryptolibnetweavern/a
CVE-2014-5175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.96% / 77.86%
||
7 Day CHG~0.00%
Published-31 Jul, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.

Action-Not Available
Vendor-n/aSAP SE
Product-solution_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-7362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.13% / 79.68%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-ccms_agentn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-9264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.94% / 89.12%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

Action-Not Available
Vendor-n/aSAP SE
Product-sql_anywheren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aSAP SE
Product-enhancement_packageerpn/a
CVE-2014-4003
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.99% / 85.67%
||
7 Day CHG~0.00%
Published-09 Jun, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2014-2752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.36%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-business_object_processing_framework_for_abapn/a
CVE-2014-2751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.36%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-print_and_output_managementn/a
CVE-2013-7363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.

Action-Not Available
Vendor-n/aSAP SE
Product-solution_managern/a
CVE-2011-1517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 89.77%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 22:15
Updated-06 Aug, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2013-6284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.29%
||
7 Day CHG~0.00%
Published-26 Oct, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."

Action-Not Available
Vendor-n/aSAP SE
Product-erp_central_componentn/a
CVE-2021-27610
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9||CRITICAL
EPSS-1.58% / 72.57%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Action-Not Available
Vendor-SAP SE
Product-netweaver_abapnetweaver_application_server_abapSAP NetWeaver AS ABAP and ABAP Platform
CWE ID-CWE-287
Improper Authentication
CVE-2017-7691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 72.83%
||
7 Day CHG~0.00%
Published-11 Apr, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.

Action-Not Available
Vendor-n/aSAP SE
Product-trexn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-3614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-70.00% / 99.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."

Action-Not Available
Vendor-n/aSAP SE
Product-sap_dbn/a
CVE-2020-6198
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.84%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:18
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

Action-Not Available
Vendor-SAP SE
Product-solution_managerSAP Solution Manager (Diagnostics Agent)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-6263
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.9||MEDIUM
EPSS-1.44% / 69.98%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 12:44
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_javaSAP NetWeaver AS JAVA
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-6302
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.4||MEDIUM
EPSS-0.80% / 52.27%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:52
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-commerceSAP Commerce
CWE ID-CWE-384
Session Fixation
CVE-2020-6242
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.49%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 17:58
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP Business Objects Business Intelligence Platform (Live Data Connect)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-6265
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-1.36% / 68.36%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 18:24
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.

Action-Not Available
Vendor-SAP SE
Product-commerce_data_hubcommerceSAP Commerce (Data Hub)SAP Commerce
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2006-4133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.92% / 92.35%
||
7 Day CHG~0.00%
Published-14 Aug, 2006 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.

Action-Not Available
Vendor-n/aSAP SE
Product-internet_graphics_servern/a
CVE-2022-41259
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.25%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-02 May, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

Action-Not Available
Vendor-SAP SE
Product-sql_anywhereSAP SQL Anywhere
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-0063
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.33%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:09
Updated-24 Oct, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.

Action-Not Available
Vendor-SAP SE
Product-sap_basisSAP NetWeaver AS ABAP and ABAP Platform
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32246
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.6||MEDIUM
EPSS-0.39% / 30.64%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:26
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Visual Difference Application)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22540
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.03%
||
7 Day CHG+0.02%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver AS ABAP (Workplace Server)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 153
  • 154
  • Next
Details not found