Weak Encryption in SAP HANA XS Leads to Data Exposure Risks
CVE-2014-5171

Currently unrated

Key Information:

Vendor: SAP
Status: Hana Extend Application Services
Vendor: CVE Published:; 31 July 2014

Summary

SAP HANA Extend Application Services (XS) is susceptible to a vulnerability whereby transmission encryption is absent during form-based authentication. This flaw permits remote attackers to intercept credentials and confidential information by monitoring network traffic. Without secure transmission, sensitive data exchanged between users and the application is at risk, potentially leading to unauthorized access and data breaches. Proper implementation of encryption protocols is crucial to safeguard against such vulnerabilities.

References

http://www.onapsis.com/resources/get.php?resid=adv_onapsi...

x_refsource_MISC

https://service.sap.com/sap/support/notes/1963932

x_refsource_CONFIRM

http://www.securityfocus.com/bid/68947

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 31, 2014
Vulnerability Reserved
Jul 31, 2014