Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:sap:hana:1.00:*:*:*:*:*:*:*
Informations
Vendor
sapProduct
hanaVersion
1.00Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | 8.4 |
Haute |
||
| Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. | 5.3 |
Moyen |
||
| A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | 5.3 |
Moyen |
||
| The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | 8.1 |
Haute |
||
| The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | 7.5 |
2025©
tesweb SA
