14 matches found
EUVD-2019-1034
Malware in sbrugna...
CVE-2025-24868
CVE-2025-24868 relates to SAP HANA XS Advanced (UAA) where an unauthenticated attacker can craft a link that redirects victims’ browsers to a malicious site due to insufficient redirect URL validation. Documented impact is limited to confidentiality, integrity, and availability. Affected componen...
PT-2025-6128 · Sap · Sap Hana Xs Advanced Model
Name of the Vulnerable Software and Affected Versions: SAP HANA extended application services, advanced model (SAP HANA XS advanced model), affected versions not specified. Description: The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model allows a...
CVE-2019-0306
SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...
CVE-2019-0306
SAP HANA Extended Application Services advanced model, version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names...
CVE-2019-0306
SAP HANA Extended Application Services (advanced model) v1 has an information disclosure flaw: authenticated low-privilege XS Advanced users (e.g., SpaceAuditors) can enumerate SAP HANA user IDs and names. Attack vector is network-based with low complexity; confidentiality impact is partial. No e...
CVE-2019-0266
Under certain conditions, SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased...
CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0; the second S stands for stack)...
Design/Logic Flaw
Under certain conditions, SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased...
Design/Logic Flaw
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0; the second S stands for stack)...
CVE-2019-0266
Under certain conditions, SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased...
CVE-2019-0261
CVE-2019-0261 affects SAP HANA XS Advanced: improper authentication checks for XS Advanced platform and business users. Root cause described as authentication bypass in XS Advanced; fixed in SAP HANA 1/2 SPS0 as part of 1.0.97–1.0.99. The issue carried high risk with CVSS v3 base score 9.8 (NETWO...
CVE-2019-0266
The CVE-2019-0266 entry pertains to SAP HANA Extended Application Services (XS advanced) 1.0, where under certain conditions credentials of platform users are written to a SAP HANA system trace file. The root cause is that sensitive credentials are logged in a trace file, increasing the risk of i...
HANA DB credentials exposed to XSA applications
Application: SAP HANA; Versions Affected: 1.0 SPS11, SPS12 and 2.0 with XS Advanced; Vendor URL: SAP; Bug: Information Disclosure; Reported: 20.06.2017; Vendor response: 21.06.2017; Date of Public Advisory: 14.11.2017; Reference: SAP Security Note 2508673; Author: Mathieu Geli (ERPScan); VULNERABILITY...