CVE-2014-5172

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Jul/153
http://secunia.com/advisories/59634
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025
http://www.securityfocus.com/archive/1/532941/100/0/threaded
http://www.securityfocus.com/bid/68952
https://exchange.xforce.ibmcloud.com/vulnerabilities/94922
https://service.sap.com/sap/support/notes/1993349
http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Jul/153
http://secunia.com/advisories/59634
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025
http://www.securityfocus.com/archive/1/532941/100/0/threaded
http://www.securityfocus.com/bid/68952
https://exchange.xforce.ibmcloud.com/vulnerabilities/94922
https://service.sap.com/sap/support/notes/1993349

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html -~~	() http://packetstormsecurity.com/files/127670/SAP-HANA-XS-Administration-Tool-Cross-Site-Scripting.html -
References	~~() http://scn.sap.com/docs/DOC-8218 -~~	() http://scn.sap.com/docs/DOC-8218 -
References	~~() http://seclists.org/fulldisclosure/2014/Jul/153 -~~	() http://seclists.org/fulldisclosure/2014/Jul/153 -
References	~~() http://secunia.com/advisories/59634 -~~	() http://secunia.com/advisories/59634 -
References	~~() http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025 -~~	() http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-025 -
References	~~() http://www.securityfocus.com/archive/1/532941/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/532941/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/68952 -~~	() http://www.securityfocus.com/bid/68952 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/94922 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/94922 -
References	~~() https://service.sap.com/sap/support/notes/1993349 -~~	() https://service.sap.com/sap/support/notes/1993349 -

Information

Published : 2014-07-31 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-5172

Mitre link : CVE-2014-5172

CVE.ORG link : CVE-2014-5172

JSON object : View

Products Affected

sap

hana

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10