Vulnerabilities > SAP > Hana > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-09 | CVE-2021-21484 | Incorrect Authorization vulnerability in SAP Hana 2.0 LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | 6.8 |
| 2018-12-11 | CVE-2018-2497 | Unspecified vulnerability in SAP Hana 1.0/2.0 The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | 4.0 |
| 2018-09-11 | CVE-2018-2465 | Improper Input Validation vulnerability in SAP Hana 1.0/2.0 SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. | 5.0 |
| 2018-02-14 | CVE-2018-2369 | Unspecified vulnerability in SAP Hana 1.00/2.00 Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. | 5.0 |
| 2018-01-09 | CVE-2018-2362 | Unspecified vulnerability in SAP Hana 1.00/2.00 A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | 5.0 |
| 2016-09-26 | CVE-2016-6142 | Security Bypass vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | 5.0 |
| 2016-08-05 | CVE-2016-6148 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | 5.0 |
| 2016-08-05 | CVE-2016-6144 | Improper Access Control vulnerability in SAP Hana 1.0/1.00 The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | 4.3 |
| 2016-04-14 | CVE-2016-4017 | Denial of Service vulnerability in SAP HANA The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | 5.0 |
| 2015-11-10 | CVE-2015-7992 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | 4.0 |