Hana Security Vulnerabilities and Issues — Hana CVE List

Lucene search

SapHana

6 matches found

CVE•added 2014/07/31 2:55 p.m.•42 views

CVE-2014-5172

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0053EPSS

CVE•added 2014/04/10 8:55 p.m.•38 views

CVE-2014-2749

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.

5CVSS6.5AI score0.00516EPSS

CVE•added 2014/11/04 3:55 p.m.•38 views

CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

7.5CVSS6.8AI score0.00585EPSS

CVE•added 2014/10/16 7:55 p.m.•37 views

CVE-2014-8313

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.

6CVSS8AI score0.00795EPSS

CVE•added 2014/11/04 3:55 p.m.•34 views

CVE-2014-8588

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.6AI score0.00397EPSS

CVE•added 2014/10/16 7:55 p.m.•33 views

CVE-2014-8314

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.

4.3CVSS5.8AI score0.00431EPSS