Hana@1.00.73.00.389160 Security Vulnerabilities and Issues — Hana@1.00.73.00.389160 CVE List

Lucene search

SapHana1.00.73.00.389160

12 matches found

CVE•added 2015/11/10 5:59 p.m.•49 views

CVE-2015-7991

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.

5CVSS7AI score0.00211EPSS

CVE•added 2015/11/10 5:59 p.m.•48 views

CVE-2015-7993

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

7.5CVSS7.9AI score0.00413EPSS

CVE•added 2015/02/27 3:59 p.m.•43 views

CVE-2015-2072

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs o...

4.3CVSS5.8AI score0.00256EPSS

CVE•added 2015/05/29 3:59 p.m.•42 views

CVE-2015-3994

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.

4CVSS6.2AI score0.00251EPSS

CVE•added 2015/05/29 3:59 p.m.•41 views

CVE-2015-3995

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.

4CVSS7AI score0.00251EPSS

CVE•added 2015/11/10 5:59 p.m.•41 views

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

7.5CVSS8.4AI score0.01815EPSS

CVE•added 2015/10/15 8:59 p.m.•39 views

CVE-2015-7727

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka ...

6.5CVSS8.2AI score0.006EPSS

CVE•added 2015/10/15 8:59 p.m.•36 views

CVE-2015-7728

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.

3.5CVSS5.4AI score0.00179EPSS

CVE•added 2015/11/10 5:59 p.m.•35 views

CVE-2015-7992

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.

4CVSS6.4AI score0.0038EPSS

CVE•added 2017/04/13 2:59 p.m.•34 views

CVE-2016-6143

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.

9.8CVSS9.5AI score0.06547EPSS

CVE•added 2016/08/05 2:59 p.m.•32 views

CVE-2016-6148

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

7.5CVSS7.8AI score0.02598EPSS

CVE•added 2016/09/26 4:59 p.m.•28 views

CVE-2016-6142

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.

7.5CVSS7.5AI score0.01219EPSS