Hana Security Vulnerabilities and Issues — Hana CVE List

Lucene search

SapHana

12 matches found

CVE•added 2019/09/10 5:15 p.m.•56 views

CVE-2019-0357

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.

7.2CVSS6.8AI score0.00029EPSS

CVE•added 2015/11/10 5:59 p.m.•48 views

CVE-2015-7993

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

7.5CVSS7.9AI score0.00413EPSS

CVE•added 2015/10/27 4:59 p.m.•47 views

CVE-2015-7986

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

7.5CVSS7.9AI score0.25849EPSS

CVE•added 2016/04/14 2:59 p.m.•42 views

CVE-2016-4017

The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.

7.5CVSS7.3AI score0.00499EPSS

CVE•added 2015/10/15 8:59 p.m.•41 views

CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.

7.2CVSS7AI score0.00055EPSS

CVE•added 2015/11/10 5:59 p.m.•41 views

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

7.5CVSS8.4AI score0.01815EPSS

CVE•added 2014/11/04 3:55 p.m.•38 views

CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

7.5CVSS6.8AI score0.00585EPSS

CVE•added 2018/09/11 3:29 p.m.•37 views

CVE-2018-2465

SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.

7.5CVSS7.5AI score0.00632EPSS

CVE•added 2014/11/04 3:55 p.m.•34 views

CVE-2014-8588

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.6AI score0.00397EPSS

CVE•added 2016/04/14 2:59 p.m.•34 views

CVE-2016-4018

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.

7.5CVSS7.2AI score0.00408EPSS

CVE•added 2016/08/05 2:59 p.m.•32 views

CVE-2016-6148

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

7.5CVSS7.8AI score0.02598EPSS

CVE•added 2016/09/26 4:59 p.m.•28 views

CVE-2016-6142

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.

7.5CVSS7.5AI score0.01219EPSS