CVE-2014-2749

Published: Apr 10, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.

Affected (1)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://secunia.com/advisories/57443

Source: cve@mitre.org

Vendor Advisory

http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001

Source: cve@mitre.org

http://www.onapsis.com/research-advisories.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/66675

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/92325

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1914778

Source: cve@mitre.org

http://secunia.com/advisories/57443