Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hana vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-2072
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hana...
Sap Hana 1.00.73.00.389160
Sap Hana 1.00.80.00.391861
7.5
CVSSv2
CVE-2017-8914
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote malicious users to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
Sap Hana Xs 2.00
Sap Hana Xs 1.00
5
CVSSv2
CVE-2019-0350
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized malicious user to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service
Sap Hana Database 2.00
Sap Hana Database 1.00
5.5
CVSSv2
CVE-2021-21474
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and wi...
Sap Hana Database 2.00
Sap Hana Database 1.00
5
CVSSv2
CVE-2017-16687
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if ...
Sap Hana Database 2.00
Sap Hana Database 1.00
5
CVSSv2
CVE-2017-8915
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote malicious users to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
Sap Hana Xs 2.00
Sap Hana Xs 1.00
4.3
CVSSv2
CVE-2018-2502
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Sap Business One On Hana 9.2
Sap Business One On Hana 9.3
7.5
CVSSv2
CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
Sap Hana
1 EDB exploit
7.5
CVSSv2
CVE-2016-6150
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote malicious users to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
Sap Hana -
5
CVSSv2
CVE-2016-4017
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote malicious users to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
Sap Hana -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »