CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2369
https://notcve.org/view.php?id=CVE-2018-2369
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. Bajo ciertas condiciones, SAP HANA 1.00 y 2.00 permite que un atacante no autenticado acceda a información que, de otra forma, estaría restringida. Un atacante puede emplear erróneamente la función de autenticación del servidor de SAP HANA en su interfaz de SQL y revelar 8 bytes de la memoria del proceso del servidor. • http://www.securityfocus.com/bid/102997 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2572940 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2362
https://notcve.org/view.php?id=CVE-2018-2362
A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. Un atacante remoto no autenticado en SAP HANA 1.00 y 2.00 podría enviar peticiones SOAP especialmente manipuladas a SAP Startup Service y revelar información como el nombre del host de la plataforma. • http://www.securityfocus.com/bid/102452 https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018 https://launchpad.support.sap.com/#/notes/2575750 •
CVSS: 7.5EPSS: 38%CPEs: 1EXPL: 2CVE-2015-7986 – SAP HANA 1.00.095 - hdbindexserver Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. El servidor index (hdbindexserver) en SAP HANA 1.00.095 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una petición HTTP, también conocida como SAP Security Note 2197428. • https://www.exploit-db.com/exploits/39382 http://packetstormsecurity.com/files/135416/SAP-HANA-hdbindexserver-Memory-Corruption.html http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review http://seclists.org/fulldisclosure/2016/Jan/94 http://www.securityfocus.com/archive/1/537376/100/0/threaded https://erpscan.io/advisories/erpscan-15-024-sap-hana-hdbindexserver-memory-corruption • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2015-2072
https://notcve.org/view.php?id=CVE-2015-2072
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. Múltiples vulnerabilidades de XSS en SAP HANA 73 (1.00.73.00.389160) y HANA Developer Edition 80 (1.00.80.00.391861) permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados en (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs o (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, también conocido como SAP Nota 2069676. • http://packetstormsecurity.com/files/130519/SAP-HANA-Web-based-Development-Workbench-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Feb/91 http://www.securityfocus.com/archive/1/534747/100/0/threaded http://www.securityfocus.com/bid/72773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •