Vulnerabilities > SAP > Hana > 1.00.73.00.389160
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-13 | CVE-2016-6143 | Improper Access Control vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | 7.5 |
2016-09-26 | CVE-2016-6142 | Security Bypass vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | 5.0 |
2016-08-05 | CVE-2016-6148 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | 5.0 |
2015-11-10 | CVE-2015-7994 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | 7.5 |
2015-11-10 | CVE-2015-7993 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | 7.5 |
2015-11-10 | CVE-2015-7992 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | 4.0 |
2015-11-10 | CVE-2015-7991 | Information Exposure vulnerability in SAP Hana 1.00.73.00.389160 The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. | 5.0 |
2015-10-15 | CVE-2015-7728 | Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160 Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | 3.5 |
2015-10-15 | CVE-2015-7727 | SQL Injection vulnerability in SAP Hana 1.00.73.00.389160 Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | 6.5 |
2015-05-29 | CVE-2015-3995 | Information Exposure vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | 4.0 |