The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SAP ERP

computer vulnerability note CVE-2016-6256

SAP: multiple vulnerabilities of May 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Creation date: 09/05/2017.
Revision dates: 12/05/2017, 16/05/2017.
Identifiers: CORE-2017-0001, CVE-2016-6256, ERPSCAN-17-027, ERPSCAN-17-028, VIGILANCE-VUL-22669.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

vulnerability CVE-2017-7691

SAP: multiple vulnerabilities of April 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: SAP ERP, NetWeaver, ASE.
Severity: 4/4.
Creation date: 11/04/2017.
Revision dates: 12/04/2017, 09/05/2017.
Identifiers: CVE-2017-7691, ERPSCAN-17-016, ERPSCAN-17-017, ERPSCAN-17-018, ERPSCAN-17-019, VIGILANCE-VUL-22410.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

computer vulnerability CVE-2017-6950

SAP: multiple vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 14/03/2017.
Revision dates: 15/03/2017, 22/03/2017.
Identifiers: CVE-2017-6950, ERPSCAN-17-010, ERPSCAN-17-011, ERPSCAN-17-012, ERPSCAN-17-013, ERPSCAN-17-014, ERPSCAN-17-015, VIGILANCE-VUL-22115.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

computer vulnerability alert CVE-2017-5997 CVE-2017-8913 CVE-2017-8914

SAP: multiple vulnerabilities of February 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 14/02/2017.
Revision dates: 15/02/2017, 03/03/2017.
Identifiers: CVE-2017-5997, CVE-2017-8913, CVE-2017-8914, CVE-2017-8915, ERPSCAN-17-007, ERPSCAN-17-008, ERPSCAN-17-009, VIGILANCE-VUL-21826.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

vulnerability note CVE-2016-6143 CVE-2016-6818 CVE-2017-7696

SAP: multiple vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 10/01/2017.
Revision date: 11/01/2017.
Identifiers: CVE-2016-6143, CVE-2016-6818, CVE-2017-7696, ERPSCAN-16-036, ERPSCAN-16-037, ERPSCAN-17-001, ERPSCAN-17-002, ERPSCAN-17-003, ERPSCAN-17-004, VIGILANCE-VUL-21534.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

vulnerability announce CVE-2016-10005 CVE-2016-3684 CVE-2016-3685

SAP: multiple vulnerabilities of December 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 13/12/2016.
Identifiers: CVE-2016-10005, CVE-2016-3684, CVE-2016-3685, ERPSCAN-16-041, VIGILANCE-VUL-21362.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.

vulnerability announce CVE-2014-9569

SAP NetWeaver Business Client for HTML 3.0: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of SAP NetWeaver Business Client for HTML 3.0, in order to execute JavaScript code in the context of the web site.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 08/01/2015.
Identifiers: 2051285, CVE-2014-9569, SOS-14-005, VIGILANCE-VUL-15932.

Description of the vulnerability

The SAP NetWeaver Business Client for HTML 3.0 product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of SAP NetWeaver Business Client for HTML 3.0, in order to execute JavaScript code in the context of the web site.

vulnerability CVE-2013-3678

SAP GRC: code execution

Synthesis of the vulnerability

An attacker can use vulnerabilities of SAP GRC, in order to execute code.
Impacted products: SAP ERP.
Severity: 3/4.
Creation date: 12/11/2014.
Identifiers: 2039348, CVE-2013-3678, ESNC-2039348, VIGILANCE-VUL-15630.

Description of the vulnerability

The SAP GRC product offers a web service.

An attacker can use vulnerabilities of SAP GRC, in order to execute code.

Technical details are unknown.

computer vulnerability announce CVE-2014-8592

SAP NetWeaver: denial of service via POST

Synthesis of the vulnerability

An attacker can send a malicious POST query to SAP NetWeaver, in order to trigger a denial of service.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 24/10/2014.
Identifiers: 1986725, CVE-2014-8592, ERPSCAN-14-017, ERPSCAN-14-018, ERPSCAN-14-020, ERPSCAN-14-021, VIGILANCE-VUL-15537.

Description of the vulnerability

The SAP NetWeaver product has a web service.

However, when a partial HTTP POST query is received, a fatal error occurs.

An attacker can therefore send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.

computer vulnerability alert CVE-2014-8591

SAP NetWeaver HTTPd: denial of service via POST

Synthesis of the vulnerability

An attacker can send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 24/10/2014.
Identifiers: 1966655, CVE-2014-8591, ERPSCAN-14-016, VIGILANCE-VUL-15536.

Description of the vulnerability

The SAP NetWeaver product has an HTTPd service.

However, when a partial HTTP POST query is received, a fatal error occurs.

An attacker can therefore send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.