Code injection
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136...
Design/Logic Flaw
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591...
Design/Logic Flaw
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226...
Code injection
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
Directory traversal
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
Design/Logic Flaw
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
Design/Logic Flaw
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941...
CVE-2016-6150
The CVE-2016-6150 issue affects SAP HANA: its multi-tenant database container feature does not encrypt communications, allowing remote attackers to bypass access controls and potentially cause further impact via unknown vectors. The vulnerability is documented across multiple sources (including S...
CVE-2016-6148
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136...
CVE-2016-6140
CVE-2016-6140 affects SAP TREX 7.10 Revision 63. Remote attackers can write arbitrary files via RFC-Gateway vectors, linked to SAP Security Note 2203591. The issue enables file write with network access and no authentication required, with high/critical impact on confidentiality, integrity, and a...
CVE-2016-6139
SAP TREX 7.10 Revision 63 is affected by a vulnerability that allows remote attackers to read arbitrary files via unspecified vectors. The issue is described in CVE-2016-6139 (aka SAP Security Note 2203591). The CVSS data indicates high to critical impact, with network access and no authenticatio...
CVE-2016-6138
SAP TREX 7.10 Revision 63 is affected by a directory traversal vulnerability (CVE-2016-6138). An unauthenticated remote attacker could read arbitrary files via unspecified vectors, as described in SAP Security Note 2203591. Root cause is insufficient input filtering in TREX, enabling traversal se...
CVE-2016-6144
SAP HANA SQL interface vulnerability CVE-2016-6144 affects SAP HANA versions prior to Revision 102, where login attempts for SYSTEM are not rate-limited when password_lock_for_system_user is unsupported or false, enabling brute-force authentication bypass. Impact: remote attacker could bypass aut...
CVE-2016-6149
CVE-2016-6149 affects SAP HANA SPS09 (1.00.091.00.14186593). The issue arises when using the EXPORT statement, enabling local users to obtain sensitive information via file export, constituting an information disclosure vulnerability. Connected sources confirm the root cause as a local export cap...
CVE-2016-6145
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
CVE-2016-6139
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
CVE-2016-6144
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP...
CVE-2016-3640
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905...
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
CVE-2016-6145
SAP HANA DB 1.00.091.00.1418659308 is affected by a user-enumeration vulnerability where the SQL interface leaks different error messages for failed logins depending on whether a username exists/is locked due to the detailed_error_on_connect setting. Remote attackers could exploit a series of lo...