Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap hana extended application services - vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2015-1311
The Extended Application Services (XS) in SAP HANA allows remote malicious users to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sap Hana Extended Application Services -
755
VMScore
CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
Sap Hana
1 EDB exploit
668
VMScore
CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for ...
Sap Landscape Management 3.0
668
VMScore
CVE-2015-7993
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote malicious users to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.
Sap Hana 1.00.73.00.389160
534
VMScore
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after...
Sap Hana Extended Application Services 1.0
490
VMScore
CVE-2019-0363
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
Sap Hana Extended Application Services
490
VMScore
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
Sap Hana Extended Application Services 1.0
490
VMScore
CVE-2018-2375
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Sap Hana Extended Application Services 1.0
490
VMScore
CVE-2018-2376
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Sap Hana Extended Application Services 1.0
445
VMScore
CVE-2019-0266
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking informati...
Sap Hana Extended Application Services 1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »