CVE-2014-5171

Currently unrated

Key Information:

Vendor: SAP
Status: Hana Extend Application Services
Vendor: CVE Published:; 31 July 2014

Summary

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

References

http://www.onapsis.com/resources/get.php?resid=adv_onapsi...

x_refsource_MISC

https://service.sap.com/sap/support/notes/1963932

x_refsource_CONFIRM

http://www.securityfocus.com/bid/68947

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 31, 2014
Vulnerability Reserved
Jul 31, 2014