CVE-2016-1929

Published: Jan 20, 2016Modified: May 6, 2026

9.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Exploitability: 3.9 / Impact: 4.7

Source: NVD

Description

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

Affected (1)

Products: Sap: Hana

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://seclists.org/fulldisclosure/2016/Apr/59

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-16-002-sap-hana-log-injection-and-no-size-restriction/

Source: cve@mitre.org

https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Apr/59

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/advisories/erpscan-16-002-sap-hana-log-injection-and-no-size-restriction/

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.