Every CVE whose affected-product data names Sap Hana Database, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-2424 — CVSS 9.8 (critical): SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being…
CVE-2023-40309 — CVSS 9.8 (critical): SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an…
CVE-2026-0492 — CVSS 8.8 (high): SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user…
CVE-2023-40308 — CVSS 7.5 (high): SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption…
CVE-2019-0350 — CVSS 7.5 (high): SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver…
CVE-2021-21474 — CVSS 6.5 (medium): SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML…
CVE-2020-26834 — CVSS 5.4 (medium): SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It…
CVE-2017-16687 — CVSS 5.3 (medium): The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00…