Vulnerabilities > SAP > Hana > 1.0

DATE CVE VULNERABILITY TITLE RISK
2019-09-10 CVE-2019-0357 Unspecified vulnerability in SAP Hana 1.0/2.0
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.
local
low complexity
sap
6.7
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
6.0
2018-12-11 CVE-2018-2497 Unspecified vulnerability in SAP Hana 1.0/2.0
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
network
low complexity
sap
2.7
2018-09-11 CVE-2018-2465 Improper Input Validation vulnerability in SAP Hana 1.0/2.0
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML.
network
low complexity
sap CWE-20
7.5
2016-08-05 CVE-2016-6144 Improper Access Control vulnerability in SAP Hana 1.0/1.00
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
network
high complexity
sap CWE-284
8.1