
68 matches found

ATTACKERKB
added 2026/01/30 11:5 a.m. | 4 views

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server ADS installed...

CVSS 9.5 | AI score 6 | EPSS 0.0144
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/01/30 12:0 a.m. | 9 views

PT-2026-5389

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys versions 12.0 through 14.1; Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior; Johnson Controls Metasys Extended Application and Data Server ADX version 14.1; Johnson Controls Metasys System...

CVSS 9.5 | AI score 5.9 | EPSS 0.0144
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-1079

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00897
Exploits: 0 | References: 3

BDU FSTEC
added 2022/07/06 12:0 a.m. | 5 views

The vulnerabilities of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) are related to the lack of measures for cleaning incoming data, allowing a perpetrator to execute arbitrary code.

The vulnerabilities of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS are related to the lack of measures for cleaning incoming data. Exploiting these vulnerabilities allows a remote attacker to execute...

CVSS 8.5 | AI score 6.4 | EPSS 0.00486
Exploits: 0 | References: 4 | Affected Software: 3

BDU FSTEC
added 2022/05/30 12:0 a.m. | 5 views

The vulnerability of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) lies in the incomplete cleanup of session tokens, allowing attackers to obtain session tokens from authenticated users.

The vulnerability of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS is related to incomplete cleaning of session tokens. Exploiting this vulnerability can allow a malicious actor to obtain the session token of...

CVSS 9.3 | AI score 7.8 | EPSS 0.00968
Exploits: 0 | References: 6 | Affected Software: 3

BDU FSTEC
added 2020/01/13 12:0 a.m. | 2 views

The vulnerability of the SAP HANA Extended Application Services development tool, which stems from insufficient validation of input data, allows a perpetrator to gain unauthorized access to the list of open ports.

The vulnerability of the SAP HANA Extended Application Services development tool exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the list of open ports...

CVSS 4.3 | AI score 5.5 | EPSS 0.00704
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2019/12/17 12:0 a.m. | 2 views

SAP HANA Extended Application Services Input Validation Error Vulnerability (CNVD-2020-09649)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis. Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVSS 4.3 | AI score 6.7 | EPSS 0.00704
Exploits: 0 | References: 1

CNVD
added 2019/12/17 12:0 a.m. | 3 views

SAP HANA Extended Application Services Input Validation Error Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis. Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVSS 7.1 | AI score 6.5 | EPSS 0.00897
Exploits: 0 | References: 1

NVD
added 2019/09/10 5:15 p.m. | 16 views

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...

CVSS 7.1 | AI score 6.8 | EPSS 0.00897
Exploits: 0 | References: 2

OSV
added 2019/09/10 5:15 p.m. | 4 views

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...

CVSS 7.1 | AI score 5.8 | EPSS 0.00897
Exploits: 0 | References: 2

OSV
added 2019/09/10 5:15 p.m. | 3 views

CVE-2019-0364

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to enumerate open ports...

CVSS 4.3 | AI score 5.8 | EPSS 0.00704
Exploits: 0 | References: 2

CVE
added 2019/09/10 4:11 p.m. | 88 views

CVE-2019-0363

CVE-2019-0363 affects SAP HANA Extended Application Services (Advanced model). An HTTP/REST endpoint may be misused before version 1.0.118 to overload the SAP HANA server or to reveal information about internal network ports. This describes a network-based issue in the HTTP/REST interface with a ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00897
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2019/07/15 12:0 a.m. | 1 view

SAP HANA Extended Application Services External Entity Injection Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis. Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVSS 6.5 | AI score 7.1 | EPSS 0.02167
Exploits: 0 | References: 1

CNVD
added 2019/06/13 12:0 a.m. | 3 views

SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-34744)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis. Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVSS 4.3 | AI score 6.1 | EPSS 0.00897
Exploits: 0 | References: 1

Prion
added 2019/06/12 3:29 p.m. | 17 views

Design/Logic Flaw

SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...

CVSS 4 | AI score 4.8 | EPSS 0.00897
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/12 2:21 p.m. | 18 views

CVE-2019-0306

SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...

AI score 4.7 | EPSS 0.00897
Exploits: 0 | References: 2

OSV
added 2019/03/12 10:29 p.m. | 3 views

CVE-2019-0277

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...

CVSS 6.5 | AI score 5.8 | EPSS 0.02167
Exploits: 0 | References: 3

OSV
added 2019/02/15 6:29 p.m. | 3 views

CVE-2019-0266

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 3

CNVD
added 2019/02/15 12:0 a.m. | 1 view

SAP HANA Extended Application Service Information Disclosure Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis. Extended Application Services is an application server, Web server and SAP HANA System within the Web...

CVSS 7.5 | AI score 6.2 | EPSS 0.01754
Exploits: 0 | References: 1

NVD
added 2018/09/11 3:29 p.m. | 18 views

CVE-2018-2465

SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...

CVSS 7.5 | AI score 7.5 | EPSS 0.02555
Exploits: 0 | References: 3