CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8313
https://notcve.org/view.php?id=CVE-2014-8313
16 Oct 2014 — Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. Vulnerabilidad de inyección eval en ide/core/base/server/net.xsjs en Developer Workbench de SAP HANA permite a atacantes remotos ejecutar código XSJS arbitrario a través de vectores sin especificar. • http://packetstormsecurity.com/files/128597/SAP-HANA-Web-based-Development-Workbench-Code-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8314
https://notcve.org/view.php?id=CVE-2014-8314
16 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. Vulnerabilidad de XSS en SAP HANA Developer Edition Revision 70 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores sin especificar en (1) epm/admin/DataGen.xsjs o (2) epm/services/multiply.xsjs e... • http://packetstormsecurity.com/files/128598/SAP-HANA-Reflective-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5172
https://notcve.org/view.php?id=CVE-2014-5172
31 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en XS Administration Tools en SAP HANA permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5173
https://notcve.org/view.php?id=CVE-2014-5173
31 Jul 2014 — SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. SAP HANA Extend Application Services (XS) permite a atacantes remotos evadir los restricciones de acceso a través de una solicitud a una aplicación IU5 SDK privada que había sido pública anteriormente. • http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5171
https://notcve.org/view.php?id=CVE-2014-5171
31 Jul 2014 — SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. SAP HANA Extend Application Services (XS) no codifica las transmisiones para aplicaciones que habilitan la autenticación basada en formularios utilizando SSL, lo que permite a atacantes remotos obtener credenciales y otra información sensible mediante la captura d... • http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2749
https://notcve.org/view.php?id=CVE-2014-2749
10 Apr 2014 — The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. El proceso HANA ICM en SAP HANA permite a atacantes remotos obtener la versión plataforma, nombre de host, número de instancia y posiblemente otra información sensible a través de una solicitud HTTP GET malformada. • http://secunia.com/advisories/57443 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •