The vulnerability of the SAP HANA Extended Application Services development tool, which stems from insufficient validation of input data, allows a perpetrator to gain unauthorized access to the list of open ports.

The vulnerability of the SAP HANA Extended Application Services development tool exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the list of open ports...

SAP HANA Extended Application Services Input Validation Error Vulnerability (CNVD-2020-09649)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis.Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...

The vulnerability of the SAP HANA Extended Application Services development tool lies in the fact that the recording of user credentials in a trace file allows an attacker to access protected information.

The vulnerability of the SAP HANA Extended Application Services development tool lies in the process of recording user credentials in a trace file. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information...

CVE-2019-0261

Under certain circumstances, SAP HANA Extended Application Services, advanced model XS advanced does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 running on SAP HANA 1 or SAP HANA 2 SPS0 second S stands for stack...

CVE-2018-2451

XS Command-Line Interface CLI user sessions with the SAP HANA Extended Application Services XS, version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

CVE-2018-2377

In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users...

CVE-2018-2378

In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption...

CVE-2018-2378

In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption...

CVE-2018-2372

A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication...

PT-2018-15505 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: A plain keystore password is written to a system log file, which could endanger the confidentiality of SSL communication. Recommendations: For SAP HANA Extended Application...

PT-2018-15509 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: A controller user with SpaceAuditor authorization in a specific space could retrieve application environments within that space. Recommendations: For SAP HANA Extended Applicatio...

[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-022: SAP HANA IU5 SDK Authentication Bypass This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...