Vulnerabilities > SAP > Hana Database
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-40309 | Incorrect Authorization vulnerability in SAP products SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. | 9.8 |
2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |
2021-02-09 | CVE-2021-21474 | Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database. | 6.5 |
2020-12-09 | CVE-2020-26834 | Improper Authentication vulnerability in SAP Hana Database 2.00 SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. | 5.4 |
2019-11-04 | CVE-2019-0350 | Unspecified vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | 7.5 |
2018-06-12 | CVE-2018-2424 | Improper Input Validation vulnerability in SAP products SAP UI5 did not validate user input before adding it to the DOM structure. | 7.5 |
2017-12-12 | CVE-2017-16687 | Information Exposure vulnerability in SAP Hana Database 1.00/2.00 The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. | 5.3 |