RSS   Podatności dla
'Hana extended application services'
   RSS

2019-09-10
 
CVE-2019-0364

CWE-20
 

 
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.

 
 
CVE-2019-0363

CWE-20
 

 
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.

 
2019-06-12
 
CVE-2019-0306

CWE-200
 

 
SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.

 
2019-03-12
 
CVE-2019-0277

CWE-611
 

 
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

 
2019-02-15
 
CVE-2019-0266

CWE-284
 

 
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.

 
2018-08-14
 
CVE-2018-2451

CWE-269
 

 
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.

 

 >>> Vendor: SAP 332 Produkty
Router
Application server
Sap r 3 web application server demo
Saposcol
E-commerce
Crystal reports
Sap db
Sap r 3
Sapgui
Adaptive server enterprise
Internet transaction server
Mysap business suite
Maxdb
Sap web application server
Business connector
Sapdba
Download manager
Infrastructure
Internet graphics server
Inventory manager
Saplpd
Sapsprint
Rfc library
Sap basis component 640
Sap basis component 700
Netweaver nw04
Netweaver nw04s
Enjoysap
Internet communication manager
Sap message server
Business objects
Sql anywhere
Netweaver
Web dynpro
Sap gui
Tabone
Commerce
Gateway
Crystal reports server
Sap kernel
Business one 2005-a
Businessobjects
J2ee engine core
Server core
System landscape directory
Netweaver business client
Netweaver abap
GUI
Production planning and control
Healthcare industry solution
Erp cental component
Basis communication services
Erp central component
Network interface router
Netweaver logviewer
Netweaver development infrastructure
Customer relationship management
Emr unwired
Netweaver solution manager
Netweaver exchange infrastructure (bc-xi)
Bi universal data integration
Ccms / database monitor
J2ee engine
Guided procedures archive monitor
Mobile infrastructure
Adminadapter
Cm services
Cms services
Ccms agent
Solution manager
Enterprise portal
Software deployment manager
Enhancement package
HANA
Print and output management
Business object processing framework for abap
Netweaver software lifecycle manager
Netweaver abap application server
Profile maintenance
Background processing
Netweaver java application server
Project system
Brazil
Web services tool
Computing center management system monitoring
Transaction data pool
Capacity leveling
Open hub service
Oil industry solution traders and schedulers workbench
Upgrade tools
Supplier relationship management
Hana extend application services
Netweaver business warehouse
Fi manager self-service
Businessobjects xi
Businessobjects explorer
Commoncryptolib
Sapcrytolib
Sapseculib
Environment health and safety
Zobacz wszystkie produkty dla producenta SAP


Copyright 2024, cxsecurity.com

 

Back to Top