All the vulnerabilites related to SAP - SAP HANA
cve-2018-2497
Vulnerability from cvelistv5
Published
2018-12-11 23:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/106152 | vdb-entry, x_refsource_BID | |
| https://launchpad.support.sap.com/#/notes/2704878 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "106152",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2704878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP HANA",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 1.0"
},
{
"status": "affected",
"version": "= 2.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE \u003ctable_name\u003e AS SELECT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "106152",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2704878"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP HANA",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "1.0"
},
{
"version_name": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE \u003ctable_name\u003e AS SELECT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "106152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106152"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2704878",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2704878"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2497",
"datePublished": "2018-12-11T23:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:34.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-2465
Vulnerability from cvelistv5
Published
2018-09-11 15:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105324 | vdb-entry, x_refsource_BID | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 | x_refsource_CONFIRM | |
| https://launchpad.support.sap.com/#/notes/2681207 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2681207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP HANA",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 1.0"
},
{
"status": "affected",
"version": "= 2.0"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "105324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2681207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP HANA",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "1.0"
},
{
"version_name": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105324"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2681207",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2681207"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2465",
"datePublished": "2018-09-11T15:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}