Computer Security


SAP applications multiple security vulnerabilities
updated since 04.08.2014
Published: 22.12.2014
Source:
SecurityVulns ID: 13902
Type: remote
Threat Level: 7/10
Description: Unauthorized access, cross-site scripting, backdoor account, authentication bypass, unencrypted password transfer.
CVE: CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.)
Original documents:
 Onapsis Research Labs, [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA (22.12.2014)
 ESNC Security, [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) (01.12.2014)
 Alexandre Herzog, SAP Security Note 1908531 - XXE in BusinessObjects Explorer (14.10.2014)
 Alexandre Herzog, SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer (14.10.2014)
 Alexandre Herzog, SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication (04.08.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod