
CVE-2016-6144 – SAP HANA DB 1.00.73.00.389160 SYSTEM User Brute Force
https://notcve.org/view.php?id=CVE-2016-6144
05 Aug 2016 — The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. • http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html • CWE-284: Improper Access Control

CVE-2015-7991 – SAP HANA Remote Trace Disclosure
https://notcve.org/view.php?id=CVE-2015-7991
09 Nov 2015 — The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. Due to ... • http://packetstormsecurity.com/files/134283/SAP-HANA-Remote-Trace-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-7992 – SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7992
09 Nov 2015 — SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. • http://packetstormsecurity.com/files/134284/SAP-HANA-EXECUTE_SEARCH_RULE_SET-Stored-Procedure-Memory-Corruption.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-7993 – SAP HANA HTTP Login Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7993
09 Nov 2015 — The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. • http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html • CWE-20: Improper Input Validation

CVE-2015-7994 – SAP HANA SQL Login Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7994
09 Nov 2015 — The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated ... • http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html • CWE-20: Improper Input Validation

CVE-2015-7986 – SAP HANA 1.00.095 - hdbindexserver Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7986
27 Oct 2015 — The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. • https://www.exploit-db.com/exploits/39382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-7728
https://notcve.org/view.php?id=CVE-2015-7728
15 Oct 2015 — Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. • http://seclists.org/fulldisclosure/2015/Sep/116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7727
https://notcve.org/view.php?id=CVE-2015-7727
15 Oct 2015 — Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. • http://packetstormsecurity.com/files/133766/SAP-HANA-Trace-Configuration-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-3994 – SAP HANA Log Injection
https://notcve.org/view.php?id=CVE-2015-3994
27 May 2015 — The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. ... • http://packetstormsecurity.com/files/132067/SAP-HANA-Log-Injection.html • CWE-20: Improper Input Validation

CVE-2015-3995 – SAP HANA Information Disclosure
https://notcve.org/view.php?id=CVE-2015-3995
27 May 2015 — SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements. • http://packetstormsecurity.com/files/132066/SAP-HANA-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor