Medium - CVE-2025-42971 - A memory corruption vulnerability exists in...
A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by...
Medium - CVE-2025-42973 - Due to a Cross-Site Scripting vulnerability in...
Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By...
Medium - CVE-2025-42974 - Due to a missing authorization check, an attacker...
Due to a missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted,...
Low - CVE-2025-42978 - The widely used component that establishes...
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the...
Medium - CVE-2025-42979 - The GuiXT application, which is integrated with...
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC....
Critical - CVE-2025-42980 - SAP NetWeaver Enterprise Portal Federated...
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a...
Medium - CVE-2025-42981 - Due to an open redirect vulnerability in SAP...
Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized....
Medium - CVE-2025-42985 - Due to insufficient sanitization in the SAP...
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially...
Medium - CVE-2025-42986 - Due to a missing authorization check in an...
Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing...
Medium - CVE-2025-42992 - SAPCAR allows an attacker logged in with high...
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without...