CVE-2014-8313
https://notcve.org/view.php?id=CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJS code via unspecified vectors.
• http://packetstormsecurity.com/files/128597/SAP-HANA-Web-based-Development-Workbench-Code-Injection.html
• http://scn.sap.com/docs/DOC-55451
• http://seclists.org/fulldisclosure/2014/Oct/36
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-028
• http://www.securityfocus.com/archive/1/533643/100/0/threaded
• http://www.securityfocus.com/bid/70293
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96879
• https://service.sap.com/sap/support/notes/2015446
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-5171
https://notcve.org/view.php?id=CVE-2014-5171
SAP HANA Extended Application Services (XS) does not encrypt transmissions for applications that enable form-based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
• http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Jul/149
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021
• http://www.securityfocus.com/archive/1/532940/100/0/threaded
• http://www.securityfocus.com/bid/68947
• https://service.sap.com/sap/support/notes/1963932
• CWE-310: Cryptographic Issues
CVE-2014-5172
https://notcve.org/view.php?id=CVE-2014-5172
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Jul/153
• http://secunia.com/advisories/59634
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025
• http://www.securityfocus.com/archive/1/532941/100/0/threaded
• http://www.securityfocus.com/bid/68952
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94922
• https://service.sap.com/sap/support/notes&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5173
https://notcve.org/view.php?id=CVE-2014-5173
SAP HANA Extended Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
• http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Jul/150
• http://www.securityfocus.com/archive/1/532944/100/0/threaded
• http://www.securityfocus.com/bid/68950
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94931
• https://service.sap.com/sap/support/notes/1964428
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-2749
https://notcve.org/view.php?id=CVE-2014-2749
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
• http://secunia.com/advisories/57443
• http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001
• http://www.onapsis.com/research-advisories.php
• http://www.securityfocus.com/bid/66675
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92325
• https://service.sap.com/sap/support/notes/1914778
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor