Vulnerability Details : CVE-2014-5171
SAP HANA Extended Application Services (XS) does not encrypt transmissions for applications that enable form-based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
Products affected by CVE-2014-5171
- cpe:2.3:a:sap:hana_extended_application_services:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-5171
- EPSS score: 0.33% (probability of exploitation activity in the next 30 days)
- Percentile: ~67% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-5171
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9 | LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N | 5.5 | 2.9 | NIST | |
CWE ids for CVE-2014-5171
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5171
- http://www.securityfocus.com/archive/1/532940/100/0/threaded
  SecurityFocus
- http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html
  SAP HANA XS Missing Encryption ≈ Packet Storm
- http://scn.sap.com/docs/DOC-8218
  Acknowledgments to Security Researchers - Security and Identity Management - SCN Wiki
- https://service.sap.com/sap/support/notes/1963932
- http://seclists.org/fulldisclosure/2014/Jul/149
  Full Disclosure: [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021
  Page Not Found | Onapsis
- http://www.securityfocus.com/bid/68947
  SAP HANA Extended Application Services CVE-2014-5171 Information Disclosure Vulnerability