Skip to main content

Hana CVE-2016-1928

CRITICAL
Buffer Overflow (CWE-119)
2016-01-20 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 20, 2016 - 16:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

AnalysisAI

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.3% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. Affected products include: Sap Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Hana

View all
CVE-2015-7986 HIGH POC
7.5 Oct 27

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a deni

CVE-2016-6142 HIGH POC
7.5 Sep 26

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYS

CVE-2016-6143 CRITICAL
9.8 Apr 13

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, ak

CVE-2015-7828 CRITICAL
10.0 Nov 10

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitra

CVE-2016-6150 CRITICAL
9.8 Aug 05

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote at

CVE-2021-21484 CRITICAL
9.8 Mar 09

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured

CVE-2016-1929 CRITICAL
9.3 Jan 20

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of

CVE-2018-2402 HIGH
8.4 Mar 14

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more

CVE-2015-2072 MEDIUM POC
4.3 Feb 27

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.

CVE-2016-6144 HIGH
8.1 Aug 05

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when t

CVE-2016-6148 HIGH
7.5 Aug 05

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbi

CVE-2015-7994 HIGH
7.5 Nov 10

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via

Share

CVE-2016-1928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy