CVE-2015-1311
https://notcve.org/view.php?id=CVE-2015-1311
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2014-8667
https://notcve.org/view.php?id=CVE-2014-8667
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition
• http://service.sap.com/sap/support/notes/0002069676
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8588
https://notcve.org/view.php?id=CVE-2014-8588
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection
• https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98579
• https://service.sap.com/sap/support/notes/2067972
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-8587
https://notcve.org/view.php?id=CVE-2014-8587
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
• http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing
• http://secunia.com/advisories/57606
• http://service.sap.com/sap/support/notes/2067859
• https://twitter.com/SAP_Gsupport/status/522401681997570048
• CWE-310: Cryptographic Issues

CVE-2014-8314
https://notcve.org/view.php?id=CVE-2014-8314
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.
• http://packetstormsecurity.com/files/128598/SAP-HANA-Reflective-Cross-Site-Scripting.html
• http://scn.sap.com/docs/DOC-55451
• http://seclists.org/fulldisclosure/2014/Oct/37
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-027
• http://www.securityfocus.com/archive/1/533644/100/0/threaded
• http://www.securityfocus.com/bid/70307
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96878
• https://service.sap.com/sap/support/notes/2009696
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')