Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-8588

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Nov, 2014 | 15:00
Updated At-06 Aug, 2024 | 13:25
Rejected At-
Credits

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Nov, 2014 | 15:00
Updated At:06 Aug, 2024 | 13:25
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
x_refsource_MISC
https://service.sap.com/sap/support/notes/2067972
x_refsource_MISC
https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
vdb-entry
x_refsource_XF
Hyperlink: https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
Resource:
x_refsource_MISC
Hyperlink: https://service.sap.com/sap/support/notes/2067972
Resource:
x_refsource_MISC
Hyperlink: https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
x_refsource_MISC
x_transferred
https://service.sap.com/sap/support/notes/2067972
x_refsource_MISC
x_transferred
https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://service.sap.com/sap/support/notes/2067972
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Nov, 2014 | 15:55
Updated At:12 Apr, 2025 | 10:46

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
SAP SE
sap
>>hana>>1.00.60.379371
cpe:2.3:h:sap:hana:1.00.60.379371:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/cve@mitre.org
N/A
https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/98579cve@mitre.org
N/A
https://service.sap.com/sap/support/notes/2067972cve@mitre.org
N/A
https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/af854a3a-2127-422b-91ae-364da2661108
N/A
https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/98579af854a3a-2127-422b-91ae-364da2661108
N/A
https://service.sap.com/sap/support/notes/2067972af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://service.sap.com/sap/support/notes/2067972
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://service.sap.com/sap/support/notes/2067972
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6789Records found
CVE-2016-2386
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-44.33% / 97.47%
||
7 Day CHG~0.00%
Published-16 Feb, 2016 | 15:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-30||Apply updates per vendor instructions.

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/aNetWeaver
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-3980
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.48%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

Action-Not Available
Vendor-n/aSAP SE
Product-customer_relationship_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-8663
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_business_warehousen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-8668
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.72%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-contract_accountingn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-8664
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.72%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-environment_health_and_safetyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6869
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.04%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-7094
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-7355
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.91%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.

Action-Not Available
Vendor-n/aSAP SE
Product-bi_universal_data_integrationn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-5723
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.93%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-7096
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.55%
||
7 Day CHG~0.00%
Published-13 Dec, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-emr_unwiredn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-7239
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.08%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_j2ee_enginen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4159
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.27%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.

Action-Not Available
Vendor-n/aSAP SE
Product-hana_web-based_development_workbenchn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4160
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.

Action-Not Available
Vendor-n/aSAP SE
Product-ase_database_platformn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-0403
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-6.56% / 90.76%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 21:35
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

Action-Not Available
Vendor-SAP SE
Product-enable_nowSAP Enable Now
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2019-0344
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-50.70% / 97.77%
||
7 Day CHG+16.63%
Published-14 Aug, 2019 | 13:53
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-21||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Action-Not Available
Vendor-SAP SE
Product-commerce_cloudSAP Commerce Cloud (virtualjdbc extension)commerce_cloudCommerce Cloud
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-0247
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 20:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Action-Not Available
Vendor-SAP SE
Product-cloud_connectorSAP Cloud Connector
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-0261
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).

Action-Not Available
Vendor-SAP SE
Product-landscape_managementSAP HANA Extended Application Services
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2011-1517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.37% / 84.32%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 22:15
Updated-06 Aug, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2019-0246
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 20:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.

Action-Not Available
Vendor-SAP SE
Product-cloud_connectorSAP Cloud Connector
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-0304
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.44%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 14:21
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

Action-Not Available
Vendor-SAP SE
Product-advanced_business_application_programming_platform_kerneladvanced_business_application_programming_platform_krnl64ucadvanced_business_application_programming_platform_krnl32ucadvanced_business_application_programming_platform_krnl32nucadvanced_business_application_programming_platform_krnl64nucSAP NetWeaver AS ABAP Platform(KERNEL)SAP NetWeaver AS ABAP Platform(KRNL64UC)SAP NetWeaver AS ABAP Platform(KRNL32NUC)SAP NetWeaver AS ABAP Platform(KRNL32UC)SAP NetWeaver AS ABAP Platform(KRNL64NUC)
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-0259
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

Action-Not Available
Vendor-SAP SE
Product-businessobjectsSAP BusinessObjects Business Intelligence Platform Servers (Enterprise)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-1928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-37.33% / 97.05%
||
7 Day CHG~0.00%
Published-20 Jan, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.07% / 88.07%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-2449
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-8.6||HIGH
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 16:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.

Action-Not Available
Vendor-SAP SE
Product-supplier_relationship_management_mdm_catalogSAP Supplier Relationship Management Master Data Management Catalog
CWE ID-CWE-287
Improper Authentication
CVE-2020-6302
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.4||MEDIUM
EPSS-0.40% / 59.73%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:52
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-commerceSAP Commerce
CWE ID-CWE-384
Session Fixation
CVE-2015-7993
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.68%
||
7 Day CHG~0.00%
Published-10 Nov, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.48%
||
7 Day CHG~0.00%
Published-17 Dec, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.

Action-Not Available
Vendor-n/aSAP SE
Product-mobile_platformn/a
CVE-2015-7986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-27 Oct, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7994
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 82.09%
||
7 Day CHG~0.00%
Published-10 Nov, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-2408
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.35%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.

Action-Not Available
Vendor-SAP SE
Product-businessobjectsSAP Business Objects
CWE ID-CWE-384
Session Fixation
CVE-2021-37535
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-0.34% / 55.85%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 11:21
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_javaSAP NetWeaver Application Server Java (JMS Connector Service)
CWE ID-CWE-862
Missing Authorization
CVE-2018-2420
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 69.95%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 20:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.

Action-Not Available
Vendor-SAP SE
Product-internet_graphics_serverSAP Internet Graphics Server (IGS)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-2404
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.71%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.

Action-Not Available
Vendor-SAP SE
Product-disclosure_managementSAP Disclosure Management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-5067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2015-4092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 83.39%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.49%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.

Action-Not Available
Vendor-n/aSAP SE
Product-mobile_platformn/a
CVE-2015-4161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CVE-2018-2368
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-3.17% / 86.41%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.

Action-Not Available
Vendor-SAP SE
Product-netweaver_system_landscape_directorySAP NetWeaver System Landscape Directory, LM-Core
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2015-2816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.26%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-1312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-22 Jan, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aSAP SE
Product-enterprise_resource_planningn/a
CVE-2014-9264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.26% / 88.36%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

Action-Not Available
Vendor-n/aSAP SE
Product-sql_anywheren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.06%
||
7 Day CHG~0.00%
Published-04 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaversapseculibsapcryptolibhanacommoncryptolibn/a
CVE-2014-4003
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 78.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2003-1036
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.

Action-Not Available
Vendor-n/aSAP SE
Product-internet_transaction_servern/a
CVE-2014-2748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.51%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aSAP SE
Product-enhancement_packageerpn/a
CVE-2017-9844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-12 Jul, 2017 | 16:00
Updated-02 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-7364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.51%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CVE-2013-7362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-ccms_agentn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-6284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.84%
||
7 Day CHG~0.00%
Published-26 Oct, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."

Action-Not Available
Vendor-n/aSAP SE
Product-erp_central_componentn/a
CVE-2013-7360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-10 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-adminadaptern/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 135
  • 136
  • Next
Details not found