Every CVE whose affected-product data names Sap Hana, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2015-7828 — CVSS 10.0 (critical): SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have…
CVE-2016-1928 — CVSS 9.8 (critical): Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code…
CVE-2016-6150 — CVSS 9.8 (critical): The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass…
CVE-2021-21484 — CVSS 9.8 (critical): LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable…
CVE-2016-6143 — CVSS 9.8 (critical): SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note…
CVE-2016-1929 — CVSS 9.3 (critical): The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk…
CVE-2016-6144 — CVSS 8.1 (high): The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the…
CVE-2018-2402 — CVSS 7.6 (high): In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about…
CVE-2015-7993 — CVSS 7.5 (high): The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute…
CVE-2014-8587 — CVSS 7.5 (high): SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows…
CVE-2014-8588 — CVSS 7.5 (high): SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via…
CVE-2015-7986 — CVSS 7.5 (high): The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2015-7994 — CVSS 7.5 (high): The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors…
CVE-2016-4017 — CVSS 7.5 (high): The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified…
CVE-2016-6142 — CVSS 7.5 (high): SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors…
CVE-2016-6148 — CVSS 7.5 (high): SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via…
CVE-2018-2465 — CVSS 7.5 (high): SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting…
CVE-2016-4018 — CVSS 7.3 (high): The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote…
CVE-2015-6507 — CVSS 7.2 (high): The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and…
CVE-2019-0357 — CVSS 6.7 (medium): The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root"…
CVE-2015-7725 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote…
CVE-2015-7729 — CVSS 6.5 (medium): Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows…
CVE-2015-7727 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote…
CVE-2014-8313 — CVSS 6.0 (medium): Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX…
CVE-2019-0284 — CVSS 6.0 (medium): SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source…
CVE-2018-2369 — CVSS 5.3 (medium): Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be…
CVE-2018-2362 — CVSS 5.3 (medium): A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and…
CVE-2015-7991 — CVSS 5.0 (medium): The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security…
CVE-2014-2749 — CVSS 5.0 (medium): The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other…
CVE-2014-8314 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary…
CVE-2014-5172 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary…
CVE-2015-2072 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861)…
CVE-2015-7992 — CVSS 4.0 (medium): SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and…
CVE-2015-3994 — CVSS 4.0 (medium): The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote…
CVE-2015-3995 — CVSS 4.0 (medium): SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement…
CVE-2015-7726 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308…
CVE-2015-7728 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160…
CVE-2018-2497 — CVSS 2.7 (low): The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the…