Vulnerabilities > SAP > Hana > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-21484 Incorrect Authorization vulnerability in SAP Hana 2.0
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
network
sap CWE-863
6.8
2018-12-11 CVE-2018-2497 Unspecified vulnerability in SAP Hana 1.0/2.0
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
network
low complexity
sap
4.0
2018-09-11 CVE-2018-2465 Improper Input Validation vulnerability in SAP Hana 1.0/2.0
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML.
network
low complexity
sap CWE-20
5.0
2018-02-14 CVE-2018-2369 Unspecified vulnerability in SAP Hana 1.00/2.00
Under certain conditions, SAP HANA versions 1.00 and 2.00 allow an unauthenticated attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0
2018-01-09 CVE-2018-2362 Unspecified vulnerability in SAP Hana 1.00/2.00
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
network
low complexity
sap
5.0
2016-09-26 CVE-2016-6142 Security Bypass vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
network
low complexity
sap
5.0
2016-08-05 CVE-2016-6148 Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.
network
low complexity
sap CWE-20
5.0
2016-08-05 CVE-2016-6144 Improper Access Control vulnerability in SAP Hana 1.0/1.00
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
network
sap CWE-284
4.3
2016-04-14 CVE-2016-4017 Denial of Service vulnerability in SAP HANA
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
network
low complexity
sap
5.0
2015-11-10 CVE-2015-7992 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
network
low complexity
sap CWE-119
4.0