Hana@- Security Vulnerabilities and Issues — Hana@- CVE List

Lucene search

SapHana-

9 matches found

CVE•added 2014/07/31 2:55 p.m.•42 views

CVE-2014-5172

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0053EPSS

CVE•added 2016/04/14 2:59 p.m.•42 views

CVE-2016-4017

The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.

7.5CVSS7.3AI score0.00499EPSS

CVE•added 2014/04/10 8:55 p.m.•38 views

CVE-2014-2749

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.

5CVSS6.5AI score0.00516EPSS

CVE•added 2014/11/04 3:55 p.m.•38 views

CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

7.5CVSS6.8AI score0.00585EPSS

CVE•added 2016/01/20 4:59 p.m.•38 views

CVE-2016-1929

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

9.3CVSS8.6AI score0.01328EPSS

CVE•added 2014/10/16 7:55 p.m.•37 views

CVE-2014-8313

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.

6CVSS8AI score0.00795EPSS

CVE•added 2016/08/05 2:59 p.m.•36 views

CVE-2016-6150

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.

9.8CVSS9.8AI score0.0175EPSS

CVE•added 2016/01/20 4:59 p.m.•35 views

CVE-2016-1928

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

9.8CVSS9.6AI score0.37328EPSS

CVE•added 2016/04/14 2:59 p.m.•34 views

CVE-2016-4018

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.

7.5CVSS7.2AI score0.00408EPSS