Vulnerabilities > SAP > Hana Extended Application Services

DATE CVE VULNERABILITY TITLE RISK
2018-02-14 CVE-2018-2375 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
network
low complexity
sap
8.1
2018-02-14 CVE-2018-2374 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2373 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
network
low complexity
sap
7.5
2018-02-14 CVE-2018-2372 Information Exposure Through Log Files vulnerability in SAP Hana Extended Application Services 1.0
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
network
low complexity
sap CWE-532
6.5
2017-12-12 CVE-2017-16680 Injection vulnerability in SAP Hana Extended Application Services 1.0
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines.
network
low complexity
sap CWE-74
7.5