Hana@2.0 Security Vulnerabilities and Issues — Hana@2.0 CVE List

Lucene search

SapHana2.0

5 matches found

CVE•added 2019/09/10 5:15 p.m.•56 views

CVE-2019-0357

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.

7.2CVSS6.8AI score0.00029EPSS

CVE•added 2019/04/10 9:29 p.m.•41 views

CVE-2019-0284

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop,...

6CVSS5.8AI score0.00044EPSS

CVE•added 2021/03/09 3:15 p.m.•41 views

CVE-2021-21484

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

9.8CVSS9.5AI score0.00222EPSS

CVE•added 2018/09/11 3:29 p.m.•37 views

CVE-2018-2465

SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.

7.5CVSS7.5AI score0.00632EPSS

CVE•added 2018/12/11 11:0 p.m.•35 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.

4CVSS4.2AI score0.00241EPSS