Sap Hana Extended Application Services — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Hana Extended Application Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2015-1311 — CVSS 10.0 (critical): The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP…
CVE-2018-2376 — CVSS 8.1 (high): In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve…
CVE-2018-2375 — CVSS 8.1 (high): In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve…
CVE-2018-2373 — CVSS 7.5 (high): Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL…
CVE-2019-0266 — CVSS 7.5 (high): Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform…
CVE-2017-16680 — CVSS 7.5 (high): Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of…
CVE-2019-0363 — CVSS 7.1 (high): Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload…
CVE-2018-2451 — CVSS 6.6 (medium): XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an…
CVE-2019-0277 — CVSS 6.5 (medium): SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated…
CVE-2018-2372 — CVSS 6.5 (medium): A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger…
CVE-2018-2374 — CVSS 6.5 (medium): In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve…
CVE-2018-2377 — CVSS 6.5 (medium): In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized…
CVE-2018-2378 — CVSS 6.5 (medium): In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource…
CVE-2018-2379 — CVSS 6.5 (medium): In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error…
CVE-2014-5173 — CVSS 5.0 (medium): SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK…
CVE-2019-0364 — CVSS 4.3 (medium): Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate…
CVE-2019-0306 — CVSS 4.3 (medium): SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as…
CVE-2014-5171 — CVSS 2.9 (low): SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL…