VYPR

Hana Database

by SAP

CVEs (9)

  • CVE-2021-21484 | Critical | Mar 9, 2021
    risk 0.64 | cvss 9.8 | epss 0.01

    LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

  • CVE-2018-2424 | Critical | Jun 12, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5…

  • CVE-2019-0350 | High | Nov 4, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service.

  • CVE-2021-21474 | Medium | Feb 9, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    SAP HANA Database, versions 1.0, 2.0, accepts SAML tokens with MD5 digest. An attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and…

  • CVE-2020-26834 | Medium | Dec 9, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    SAP HANA Database, version 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for…

  • CVE-2017-16687 | Medium | Dec 12, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if…

  • CVE-2022-29614 | Medium | Jun 14, 2022
    risk 0.33 | cvss 5.0 | epss 0.00

    SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, -…

  • CVE-2015-7828 | Nov 10, 2015
    risk 0.01 | cvss n/a | epss 0.07

    SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8)…

  • CVE-2026-0492 | Jan 13, 2026
    risk 0.00 | cvss n/a | epss 0.00

    SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system's confidentiality, integrity, and…