CVE-2014-5171

Published: Jul 31, 2014Modified: May 6, 2026

2.9

Vector

AV:A/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 5.5 / Impact: 2.9

Source: NVD

Description

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Affected (1)

Products: Sap: Hana Extended Application Services

Sap

1 product

Hana Extended Application Services

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana Extended Application Services	All versions

Related CWEs

CWE-310

References (14)

http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html

Source: cve@mitre.org

http://scn.sap.com/docs/DOC-8218

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Jul/149

Source: cve@mitre.org

http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/532940/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/68947

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1963932

Source: cve@mitre.org

http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html