CVSS: 8.1 | EPSS: 1% | CPEs: 1 | EXPL: 0

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.

• http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html
• http://seclists.org/fulldisclosure/2016/Aug/91
• http://www.securityfocus.com/bid/92065
• https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components
• https://www.onapsis.com/research/security-advisories/sap-hana-system-user-brute-force-attack
• CWE-284: Improper Access Control

CVSS: 7.5 | EPSS: 5% | CPEs: 1 | EXPL: 0

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

• http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html
• http://seclists.org/fulldisclosure/2015/Nov/40
• https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
• https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_SQL_based
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 5% | CPEs: 1 | EXPL: 0

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

• http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html
• http://seclists.org/fulldisclosure/2015/Nov/39
• https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015
• https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based
• CWE-20: Improper Input Validation

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.

• http://packetstormsecurity.com/files/134284/SAP-HANA-EXECUTE_SEARCH_RULE_SET-Stored-Procedure-Memory-Corruption.html
• http://scn.sap.com/community/security/blog/2015/08/18/sap-security-notes-august-2015
• http://seclists.org/fulldisclosure/2015/Nov/38
• http://www.onapsis.com/research/security-advisories/SAP_HANA_EXECUTE_SEARCH_RULE_SET_Stored_Procedure_Memory_corruption
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.

• http://packetstormsecurity.com/files/134283/SAP-HANA-Remote-Trace-Disclosure.html
• http://seclists.org/fulldisclosure/2015/Nov/37
• http://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Trace_Disclosure
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor