CPE Details

SAP HANA
sap
hana
-
2014-04-11
16h30 +00:00
2014-04-16
18h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*

Informations

Vendor

sap

Product

hana

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2016-6144 2016-08-05 12h00 +00:00 The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
8.1
Haute
CVE-2016-6150 2016-08-05 12h00 +00:00 The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
9.8
Critique
CVE-2016-4017 2016-04-14 12h00 +00:00 The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
7.5
Haute
CVE-2016-4018 2016-04-14 12h00 +00:00 The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
7.3
Haute
CVE-2016-1928 2016-01-20 15h00 +00:00 Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
9.8
Critique
CVE-2016-1929 2016-01-20 15h00 +00:00 The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.
9.3
Critique
CVE-2015-7986 2015-10-27 15h00 +00:00 The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
7.5
CVE-2014-8587 2014-11-04 15h00 +00:00 SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
7.5
CVE-2014-8313 2014-10-16 17h00 +00:00 Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
6
CVE-2014-5172 2014-07-31 12h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
CVE-2014-2749 2014-04-10 13h00 +00:00 The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
5