VYPR

HANA Extended Application Services (Advanced model)

by SAP

CVEs (4)

  • CVE-2019-0261CriFeb 15, 2019
    risk 0.64cvss 9.8epss 0.04

    Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for…

  • CVE-2025-24868HigFeb 11, 2025
    risk 0.46cvss 7.1epss 0.00

    The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due…

  • CVE-2019-0363HigSep 10, 2019
    risk 0.46cvss 7.1epss 0.01

    Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.

  • CVE-2019-0364MedSep 10, 2019
    risk 0.28cvss 4.3epss 0.01

    Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.