Vulmon
sap hana - vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
Sap Hana Extended Application Services 1.0
NA
CVE-2015-4159
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
Sap Hana Web-based Development Workbench -
4.3
CVSSv3
CVE-2019-0306
SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.
Sap Hana Extended Application Services 1.0
6.6
CVSSv3
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after...
Sap Hana Extended Application Services 1.0
7.5
CVSSv3
CVE-2017-16680
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged malicious users to forge audit log lines. Hence the interpretati...
Sap Hana Extended Application Services 1.0
NA
CVE-2014-8667
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sap Hana Web-based Development Workbench -
4.3
CVSSv3
CVE-2020-6273
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the malicious user to delete attachments due to Missing Authorization Check.
Sap S/4 Hana Fiori Ui For General Ledger Accounting 103
Sap S/4 Hana Fiori Ui For General Ledger Accounting 104
6.1
CVSSv3
CVE-2023-36920
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated malicious user to attempt clickjacking, which could result in disclosure or modif...
Sap Enable Now Enable Now Consump Del 1704
Sap Enable Now Wpb Manager Hana 10
Sap Enable Now Wpb Manager Ce 10
Sap Enable Now Wpb Manager 1.0
9.8
CVSSv3
CVE-2017-7691
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
Sap Trex -
1 Article
5.4
CVSSv3
CVE-2017-9655
A Cross-Site Scripting issue exists in OSIsoft PI Integrator for Business Analytics prior to 2016 R2, PI Integrator for Microsoft Azure prior to 2016 R2 SP1, and PI Integrator for SAP HANA prior to 2017. An attacker may be able to upload a malicious script that attempts to redire...
Osisoft Pi Integrator For Sap Hana
Osisoft Pi Integrator For Microsoft Azure
Osisoft Pi Integrator For Business Analytics