Vulnerabilities > SAP > Hana Extended Application Services > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-10 CVE-2019-0363 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
network
low complexity
sap
7.1
2019-02-15 CVE-2019-0266 Information Exposure Through Log Files vulnerability in SAP Hana Extended Application Services 1.0
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system.
network
low complexity
sap CWE-532
7.5
2018-02-14 CVE-2018-2376 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
network
low complexity
sap
8.1
2018-02-14 CVE-2018-2375 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
network
low complexity
sap
8.1
2018-02-14 CVE-2018-2373 Unspecified vulnerability in SAP Hana Extended Application Services 1.0
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
network
low complexity
sap
7.5
2017-12-12 CVE-2017-16680 Injection vulnerability in SAP Hana Extended Application Services 1.0
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines.
network
low complexity
sap CWE-74
7.5