Vulnerabilities > SAP > Hana Database

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40309 Incorrect Authorization vulnerability in SAP products
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-863
critical
9.8
2023-09-12 CVE-2023-40308 Out-of-bounds Write vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap CWE-787
7.5
2021-02-09 CVE-2021-21474 Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.
network
low complexity
sap CWE-326
6.5
2020-12-09 CVE-2020-26834 Improper Authentication vulnerability in SAP Hana Database 2.00
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication.
network
low complexity
sap CWE-287
5.4
2019-11-04 CVE-2019-0350 Unspecified vulnerability in SAP Hana Database 1.00/2.00
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service
network
low complexity
sap
7.5
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5
2017-12-12 CVE-2017-16687 Information Exposure vulnerability in SAP Hana Database 1.00/2.00
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts.
network
low complexity
sap CWE-200
5.3