CVE-2014-5171

Current Description

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Basic Data

PublishedJuly 31, 2014
Last ModifiedOctober 09, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-310
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score2.9
SeverityLOW
Exploitability Score5.5
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSapHana Extend Application Services-*******

Vulnerable Software List

VendorProductVersions
Sap Hana Extend Application Services -

References

NameSourceURLTags
http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.htmlhttp://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.htmlMISC
http://scn.sap.com/docs/DOC-8218http://scn.sap.com/docs/DOC-8218CONFIRM
20140729 [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authenticationhttp://seclists.org/fulldisclosure/2014/Jul/149FULLDISC
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021MISC
20140729 [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authenticationhttp://www.securityfocus.com/archive/1/532940/100/0/threadedBUGTRAQ
68947http://www.securityfocus.com/bid/68947BID
https://service.sap.com/sap/support/notes/1963932https://service.sap.com/sap/support/notes/1963932CONFIRM