CVE-2018-2465

Published: Sep 11, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.

Affected (2)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.0
Sap Hana	Version 2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/105324

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2681207

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Source: cna@sap.com

Vendor Advisory

http://www.securityfocus.com/bid/105324

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2681207

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.