Skip to main content

Hana CVE-2016-1929

CRITICAL
Improper Input Validation (CWE-20)
2016-01-20 cve@mitre.org
9.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 20, 2016 - 16:59 cve.org
CRITICAL 9.3

DescriptionCVE.org

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

AnalysisAI

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. Affected products include: Sap Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hana

View all
CVE-2016-1928 CRITICAL
9.8 Jan 20

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execu

CVE-2015-7986 HIGH POC
7.5 Oct 27

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a deni

CVE-2016-6142 HIGH POC
7.5 Sep 26

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYS

CVE-2016-6143 CRITICAL
9.8 Apr 13

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, ak

CVE-2015-7828 CRITICAL
10.0 Nov 10

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitra

CVE-2016-6150 CRITICAL
9.8 Aug 05

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote at

CVE-2021-21484 CRITICAL
9.8 Mar 09

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured

CVE-2018-2402 HIGH
8.4 Mar 14

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more

CVE-2015-2072 MEDIUM POC
4.3 Feb 27

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.

CVE-2016-6144 HIGH
8.1 Aug 05

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when t

CVE-2016-6148 HIGH
7.5 Aug 05

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbi

CVE-2015-7994 HIGH
7.5 Nov 10

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via

Share

CVE-2016-1929 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy