Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap hana - vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2015-4159
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
Sap Hana Web-based Development Workbench -
445
VMScore
CVE-2018-2373
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
Sap Hana Extended Application Services 1.0
356
VMScore
CVE-2018-2374
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
Sap Hana Extended Application Services 1.0
356
VMScore
CVE-2018-2378
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
Sap Hana Extended Application Services 1.0
490
VMScore
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
Sap Hana Extended Application Services 1.0
356
VMScore
CVE-2019-0306
SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.
Sap Hana Extended Application Services 1.0
356
VMScore
CVE-2020-6273
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the malicious user to delete attachments due to Missing Authorization Check.
Sap S\\/4 Hana Fiori Ui For General Ledger Accounting 103
Sap S\\/4 Hana Fiori Ui For General Ledger Accounting 104
NA
CVE-2023-36920
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated malicious user to attempt clickjacking, which could result in disclosure or modif...
Sap Enable Now Enable Now Consump Del 1704
Sap Enable Now Wpb Manager Hana 10
Sap Enable Now Wpb Manager Ce 10
Sap Enable Now Wpb Manager 1.0
668
VMScore
CVE-2017-7691
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
Sap Trex -
1 Article
312
VMScore
CVE-2017-9655
A Cross-Site Scripting issue exists in OSIsoft PI Integrator for Business Analytics prior to 2016 R2, PI Integrator for Microsoft Azure prior to 2016 R2 SP1, and PI Integrator for SAP HANA prior to 2017. An attacker may be able to upload a malicious script that attempts to redire...
Osisoft Pi Integrator For Sap Hana
Osisoft Pi Integrator For Microsoft Azure
Osisoft Pi Integrator For Business Analystics
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »