61 matches found
EUVD-2019-1079
Malware in sbrugna...
The vulnerability of the SAP HANA Extended Application Services development tool, which stems from insufficient validation of input data, allows a perpetrator to gain unauthorized access to the list of open ports.
The vulnerability of the SAP HANA Extended Application Services development tool exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the list of open ports...
SAP HANA Extended Application Services Input Validation Error Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions that let users query and analyze real-time business data. Extended Application Services is an application server, Web server and SAP HANA System within the Web...
CVE-2019-0364
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to enumerate open ports...
CVE-2019-0363
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...
CVE-2019-0363
CVE-2019-0363 affects SAP HANA Extended Application Services (Advanced model). An HTTP/REST endpoint may be misused before version 1.0.118 to overload the SAP HANA server or to reveal information about internal network ports. This describes a network-based issue in the HTTP/REST interface with a ...
SAP HANA Extended Application Services External Entity Injection Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions that let users query and analyze real-time business data. Extended Application Services is an application server, Web server and SAP HANA System within the Web...
SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-34744)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions that let users query and analyze real-time business data. Extended Application Services is an application server, Web server and SAP HANA System within the Web...
Design/Logic Flaw
SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...
CVE-2019-0306
SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...
CVE-2019-0266
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased...
SAP HANA Extended Application Service Information Disclosure Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions that let users query and analyze real-time business data. Extended Application Services is an application server, Web server and SAP HANA System within the Web...
CVE-2018-2465
SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...
SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-09633)
SAP HANA is a high-performance real-time data analytics platform from SAP, which provides data query functions that allow users to directly query and analyze a large amount of real-time business data. Extended Application Services (XS) is a development environment for application servers, Web server...
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
Session fixation
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
CVE-2018-2451
The CVE-2018-2451 issue concerns SAP HANA XS v1 (Extended Application Services) where a user’s CLI session may remain valid beyond revoked authorizations, allowing a platform user to access controller resources via an active session and an attacker with a session to misuse the token after closure...