CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7727
https://notcve.org/view.php?id=CVE-2015-7727
15 Oct 2015 — Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. Múltiples vulnerabilidades de inyección SQL en el Web-based Development Workbench en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados ejecutar comando... • http://packetstormsecurity.com/files/133766/SAP-HANA-Trace-Configuration-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6507 – SAP HANA hdbsql Memory Corruption
https://notcve.org/view.php?id=CVE-2015-6507
29 Sep 2015 — The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. El cliente hdbsql 1.00.091.00 Build 1418659308-1530 en SAP HANA permite a usuarios locales causar una denegación de servicio (corrupción de memoria) y posiblemente tener otro impácto no especificado a través de vectores desconocidos, también conocido como SAP Security Note 2140700. SA... • http://packetstormsecurity.com/files/133760/SAP-HANA-hdbsql-Memory-Corruption.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-4159
https://notcve.org/view.php?id=CVE-2015-4159
02 Jun 2015 — SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. Vulnerabilidad de inyección SQL en SAP HANA Web-based Development Workbench permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como la nota de seguridad de SAP 2153892. • http://seclists.org/fulldisclosure/2015/May/96 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3994 – SAP HANA Log Injection
https://notcve.org/view.php?id=CVE-2015-3994
27 May 2015 — The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. La aplicación grant.xsfunc en testApps/grantAccess/ en el motor XS en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados falsificar entradas del registro a través de una solicitud manipulada, también conocido como la nota de seguridad de SAP 2109818.... • http://packetstormsecurity.com/files/132067/SAP-HANA-Log-Injection.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3995 – SAP HANA Information Disclosure
https://notcve.org/view.php?id=CVE-2015-3995
27 May 2015 — SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una declaración IMPORT FROM SQL, también conocido como la nota de seguridad de SAP 2109565. SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements. • http://packetstormsecurity.com/files/132066/SAP-HANA-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2015-2072 – SAP HANA Web-based Development Workbench Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2072
25 Feb 2015 — Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. Múltiples vulnerabilidades de XSS en SAP HANA 73 (1.00.73.00.389160) y HANA Developer Edition 80 (1.00.80.00.391861) permiten ... • http://packetstormsecurity.com/files/130519/SAP-HANA-Web-based-Development-Workbench-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1311
https://notcve.org/view.php?id=CVE-2015-1311
22 Jan 2015 — The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Extended Application Services (XS) en SAP HANA permite a atacantes remotos inyectar código ABAP arbitrario a través de vectores no especificados, también conocido como SAP Nota 2098906. NOTA: la fuente de esta información se desconoce; los detal... • https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8667
https://notcve.org/view.php?id=CVE-2014-8667
06 Nov 2014 — Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en SAP HANA Web-based Development Workbench permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8588
https://notcve.org/view.php?id=CVE-2014-8588
04 Nov 2014 — SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en metadata.xsjs en SAP HANA 1.00.60.379371 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://erpscan.io/advisories/erpscan-14-013-sap-hana-metadata-xsjs-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8587
https://notcve.org/view.php?id=CVE-2014-8587
04 Nov 2014 — SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. SAPCRYPTOLIB anterior a 5.555.38, SAPSECULIB, y CommonCryptoLib anterior a 8.4.30, utilizados en SAP NetWeaver AS para ABAP y SAP HANA, permiten a atacantes remotos falsificar firmas Digital Signature Algorithm (DSA) a través de vectores no especificados. • http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing • CWE-310: Cryptographic Issues •