2 matches found
Input validation
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1 Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...
CVE-2017-16680
SAP HANA XS/Extended Application Services 1.0 contains two audit log injection issues: (1) controller service HTTP/REST endpoints lack input validation, allowing unprivileged forged audit log lines, and (2) User Account and Authentication logs into syslog and a separate log file with unescaped en...