High severity7.5NVD Advisory· Published May 23, 2017· Updated May 13, 2026

CVE-2017-8915

Description

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.

Affected products

SAP/Hana Xs2 versions
cpe:2.3:a:sap:hana_xs:1.00:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:hana_xs:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:sap:hana_xs:2.00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/96206nvdThird Party AdvisoryVDB Entry
erpscan.io/advisories/erpscan-17-008-sap-hana-xs-sinopia-dos/nvd
erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000