7 matches found
CVE-2018-2377
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
CVE-2018-2372
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
CVE-2018-2378
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
CVE-2018-2374
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
CVE-2018-2379
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding auth...