The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Privilege Escalation
SAP
Netweaver Business Warehouse
NVD
CVSS 2.0
3.5
EPSS
0.4%
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and. Rated low severity (CVSS 2.9). No vendor patch available.
Information Disclosure
SAP
Hana Extended Application Services
NVD
CVSS 2.0
2.9
EPSS
0.4%