Vulnerabilities > SAP > Hana > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-10 | CVE-2019-0284 | XXE vulnerability in SAP Hana 1.0/2.0 SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. | 3.6 |
2018-03-14 | CVE-2018-2402 | Information Exposure vulnerability in SAP Hana 1.00/2.00 In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. | 3.5 |
2015-10-15 | CVE-2015-7726 | Cross-site Scripting vulnerability in SAP Hana 1.00.091.00 Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | 3.5 |
2015-10-15 | CVE-2015-7728 | Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160 Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | 3.5 |