Vulnerabilities > SAP > Hana

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-21484 Incorrect Authorization vulnerability in SAP Hana 2.0
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
network
low complexity
sap CWE-863
critical
9.8
2019-09-10 CVE-2019-0357 Unspecified vulnerability in SAP Hana 1.0/2.0
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.
local
low complexity
sap
6.7
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
6.0
2018-12-11 CVE-2018-2497 Unspecified vulnerability in SAP Hana 1.0/2.0
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
network
low complexity
sap
2.7
2018-09-11 CVE-2018-2465 Improper Input Validation vulnerability in SAP Hana 1.0/2.0
The Extended Application Services classic model OData parser in SAP HANA (versions 1.0 and 2.0) does not sufficiently validate XML.
network
low complexity
sap CWE-20
7.5
2018-03-14 CVE-2018-2402 Information Exposure vulnerability in SAP Hana 1.00/2.00
In systems using the optional capture & replay functionality of SAP HANA 1.00 and 2.00 (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system.
network
low complexity
sap CWE-200
8.4
2018-02-14 CVE-2018-2369 Unspecified vulnerability in SAP Hana 1.00/2.00
Under certain conditions, SAP HANA 1.00 and 2.00 allow an unauthenticated attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.3
2018-01-09 CVE-2018-2362 Unspecified vulnerability in SAP Hana 1.00/2.00
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
network
low complexity
sap
5.3
2017-04-13 CVE-2016-6143 Improper Access Control vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.
network
low complexity
sap CWE-284
critical
9.8
2016-09-26 CVE-2016-6142 Unspecified vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
network
low complexity
sap
7.5