SAP HANA

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-45277
>= 2.0.0 and < 2.21.31
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing a
4.3 MEDIUM
CVE-2021-21484
all versions
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable
9.8 CRITICAL
CVE-2019-0357
all versions
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "ro
6.7 MEDIUM
CVE-2019-0284
all versions
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untruste
6.0 MEDIUM
CVE-2018-2497
all versions
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with
2.7 LOW
CVE-2018-2465
all versions
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By ex
7.5 HIGH
CVE-2018-2402
all versions
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more informatio
7.6 HIGH
CVE-2018-2369
all versions
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be r
5.3 MEDIUM
CVE-2018-2362
all versions
A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service a
5.3 MEDIUM
CVE-2016-6143
all versions
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Secu
9.8 CRITICAL
CVE-2016-6142
all versions
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via ve
7.5 HIGH
CVE-2016-6150
all versions
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to
9.8 CRITICAL
CVE-2016-6148
all versions
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code
7.5 HIGH
CVE-2016-6144
<= 1.00.73.00.389160
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the passwor
8.1 HIGH
CVE-2016-4018
all versions
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows re
7.3 HIGH
CVE-2016-4017
all versions
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via un
7.5 HIGH
CVE-2016-1929
all versions
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (
9.3 CRITICAL
CVE-2016-1928
all versions
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitra
9.8 CRITICAL
CVE-2015-7994
all versions
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecifie
CVE-2015-7993
all versions
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to
CVE-2015-7992
all versions
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and
CVE-2015-7991
all versions
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and secu
CVE-2015-7828
<= 1.00
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or
CVE-2015-7986
<= 1.00.095
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of serv
CVE-2015-7729
all versions
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 all
CVE-2015-7728
all versions
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160
CVE-2015-7727
all versions
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allo
CVE-2015-7726
all versions
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.141865
CVE-2015-7725
all versions
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote a
CVE-2015-6507
all versions
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption
CVE-2015-3995
all versions
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL stat
CVE-2015-3994
all versions
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remo
CVE-2015-2072
all versions
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.3
CVE-2014-8588
all versions
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands
CVE-2014-8587
all versions
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, al
CVE-2014-8314
all versions
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arb
CVE-2014-8313
all versions
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrar
CVE-2014-5172
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject ar
CVE-2014-2749
all versions
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin