We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2014-5171



Assignermitre
Reserved2014-07-31
Published2014-07-31
Updated2024-10-21

Description

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

References

http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021

https://service.sap.com/sap/support/notes/1963932

http://www.securityfocus.com/bid/68947 (68947) vdb-entry

http://www.securityfocus.com/archive/1/532940/100/0/threaded (20140729 [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication) mailing-list

http://seclists.org/fulldisclosure/2014/Jul/149 (20140729 [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication) mailing-list

http://scn.sap.com/docs/DOC-8218

http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html

cve.org CVE-2014-5171

nvd.nist.gov CVE-2014-5171

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.