SAPCRYPTOLIB version 5.555.38 suffers from a missing signature check in its DSA algorithm.
c57e938e01fd374e72b21d0aa73cc8d0c2ca106f33d2addda4e763f24c2e5a95SAP Netweaver version 7.4 suffers from a UCON security protection bypass vulnerability.
b6b6da161f5f6d99d64676628f359e1d03196f8e0db85b8e37097dc37b2fefceSAP Netweaver 2004s suffers from a Security Audit Log invalid address logging issue.
209e6e26f282e79e950659858428ce65950b8a6438be686c8d03d5c3ba43079fAn error in the implementation results in no authentication/encryption being done for tenants services in "high isolation" mode on SAP HANA DB.
c6551122b9fa4cbc6499321204eb298ebec9e485d4e308ec1c7723979c014023SAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.
0819be6c462080645727510772e93d336c75a8827da0a93033522577a8a61c8cSAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.
7b9adee861d5e668126c4a179eb39eaad2ab92fa481b23b056ff2cb62d5297a1SAP TREX 7.10 revision 63 suffers from an arbitrary file write vulnerability.
5a99e7f7eae9d9a3066219049450db19d95da02530af7b6a5e101a1da4c7ddffSAP TREX 7.10 revision 63 suffers from a remote file read vulnerability.
e3509536f1ca1b383605ab1ab9d476c85a741c1fa9c35209743c2a2e449c5690SAP TREX 7.10 revision 63 suffers from a remote directory traversal vulnerability.
ba4abc7db7d764d9cf3ca72412bc129f86fb9296f37112f744602a22fb11e0cfSAP TREX 7.10 revision 63 suffers from a remote command execution vulnerability.
57335d49d9f144bf86626dce42926f6e8d20c20f3641c7437a2982b8a8a46953SAP HANA DB version 1.00.091.00.1418659308 suffers from a password disclosure vulnerability.
20d119aebb419f9c23fcacb993de3aea0f03fe535415bd530f18ffac68545a77Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.
fd289a49117a0a823798ba0eed96cdc41815b67bc8c0a02046f5482b8e5ad75bUsing the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.
e4cccb6ea9d715363678d97b705a3ed4cfae92d173b1157c598542160cec7a0eOnapsis Security Advisory - SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements.
bb14e2959b52d187e9b6acc4384e410e0927c0d33b3653e304b8da39ef6615f8Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.
6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bbOnapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.
012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.
3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6bOnapsis Security Advisory - Various SAP systems suffer from hard-coded credential vulnerabilities.
f19ce8f84128aec4f22198225fcc61a16d9b7f54df40ed479627b26a8c0f4efb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed