NotCVE - vendor:"Sap" product:"Hana" version:"1.00.73.00.389160"

Page 4 of 21 results (0.006 seconds)

CVSS: 7.5EPSS: 38%CPEs: 1EXPL: 2

CVE-2015-7986 – SAP HANA 1.00.095 - hdbindexserver Memory Corruption

https://notcve.org/view.php?id=CVE-2015-7986

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. El servidor index (hdbindexserver) en SAP HANA 1.00.095 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una petición HTTP, también conocida como SAP Security Note 2197428. • https://www.exploit-db.com/exploits/39382 http://packetstormsecurity.com/files/135416/SAP-HANA-hdbindexserver-Memory-Corruption.html http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review http://seclists.org/fulldisclosure/2016/Jan/94 http://www.securityfocus.com/archive/1/537376/100/0/threaded https://erpscan.io/advisories/erpscan-15-024-sap-hana-hdbindexserver-memory-corruption • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-7728

https://notcve.org/view.php?id=CVE-2015-7728

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. Vulnerabilidad de XSS en la creación de usuario en el Web-based Development Workbench en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de usuario, también conocida como SAP Security Note 2153898. • http://seclists.org/fulldisclosure/2015/Sep/116 https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/sap-hana-xss-user-creation-through-web-based-development • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-7727

https://notcve.org/view.php?id=CVE-2015-7727

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. Múltiples vulnerabilidades de inyección SQL en el Web-based Development Workbench en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados en la (1) página trace configuration o (2) función getSqlTraceConfiguration, también conocidas como SAP Security Note 2153898. • http://packetstormsecurity.com/files/133766/SAP-HANA-Trace-Configuration-SQL-Injection.html http://packetstormsecurity.com/files/133768/SAP-HANA-getSqlTraceConfiguration-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Sep/115 http://seclists.org/fulldisclosure/2015/Sep/117 http://www.onapsis.com/research/security-advisories/SAP-HANA-Trace-configuration-SQL-injection https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/sap-hana-sql- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3994

https://notcve.org/view.php?id=CVE-2015-3994

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. La aplicación grant.xsfunc en testApps/grantAccess/ en el motor XS en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados falsificar entradas del registro a través de una solicitud manipulada, también conocido como la nota de seguridad de SAP 2109818. • http://packetstormsecurity.com/files/132067/SAP-HANA-Log-Injection.html http://seclists.org/fulldisclosure/2015/May/118 http://www.onapsis.com/research/security-advisories/SAP-HANA-Log-Injection-Vulnerability-in-Extended-Application-Services http://www.securityfocus.com/archive/1/535618/100/0/threaded http://www.securityfocus.com/bid/74859 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3995

https://notcve.org/view.php?id=CVE-2015-3995

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una declaración IMPORT FROM SQL, también conocido como la nota de seguridad de SAP 2109565. • http://packetstormsecurity.com/files/132066/SAP-HANA-Information-Disclosure.html http://seclists.org/fulldisclosure/2015/May/119 http://www.onapsis.com/research/security-advisories/SAP-HANA-Information-Disclosure-via-SQL-IMPORT-FROM-statement http://www.securityfocus.com/archive/1/535619/100/0/threaded http://www.securityfocus.com/bid/74861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2 3 4 5