Hana Extended Application Services Security Vulnerabilities and Issues — Hana Extended Application Services CVE List

Lucene search

SapHana Extended Application Services

5 matches found

CVE•added 2019/09/10 5:15 p.m.•73 views

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.

7.1CVSS6.8AI score0.00371EPSS

CVE•added 2019/09/10 5:15 p.m.•67 views

CVE-2019-0364

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.

4.3CVSS4.7AI score0.00197EPSS

CVE•added 2019/06/12 3:29 p.m.•63 views

CVE-2019-0306

SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.

4.3CVSS4.7AI score0.00197EPSS

CVE•added 2019/03/12 10:29 p.m.•36 views

CVE-2019-0277

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

6.5CVSS6.4AI score0.00777EPSS

CVE•added 2019/02/15 6:29 p.m.•34 views

CVE-2019-0266

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.

7.5CVSS7.3AI score0.00386EPSS