Vulnerabilities > SAP > Hana > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-10 | CVE-2019-0357 | Unspecified vulnerability in SAP Hana 1.0/2.0 The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 7.2 |
| 2019-04-10 | CVE-2019-0284 | XXE vulnerability in SAP Hana 1.0/2.0 SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. | 3.6 |
| 2018-12-11 | CVE-2018-2497 | Unspecified vulnerability in SAP Hana 1.0/2.0 The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | 4.0 |
| 2018-09-11 | CVE-2018-2465 | Improper Input Validation vulnerability in SAP Hana 1.0/2.0 SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. | 5.0 |
| 2016-08-05 | CVE-2016-6144 | Improper Access Control vulnerability in SAP Hana 1.0/1.00 The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | 4.3 |
| 2015-10-27 | CVE-2015-7986 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.0/1.00 The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | 7.5 |