CVE-2017-8914

Published: May 23, 2017Modified: May 13, 2026

8.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.7

Source: NVD

Description

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.

Affected (2)

Products: Sap: Hana Xs

Sap

1 product

Hana Xs

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Hana Xs	Version 1.00
Sap Hana Xs	Version 2.00

References (6)

http://www.securityfocus.com/bid/96206

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/

Source: cve@mitre.org

https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/

Source: cve@mitre.org

http://www.securityfocus.com/bid/96206

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.