Vulnerabilities > SAP > Hana > Low

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
3.6
2018-03-14 CVE-2018-2402 Information Exposure vulnerability in SAP Hana 1.00/2.00
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system.
network
sap CWE-200
3.5
2015-10-15 CVE-2015-7726 Cross-site Scripting vulnerability in SAP Hana 1.00.091.00
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
network
sap CWE-79
3.5
2015-10-15 CVE-2015-7728 Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
network
sap CWE-79
3.5