Insecure User Creation Policy in SAP HANA XS
CVE-2017-8914

8.3HIGH

Key Information:

Vendor

SAP
Status
Hana Xs
Vendor
CVE Published:
23 May 2017

What is CVE-2017-8914?

The vulnerability identified in SAP HANA XS's sinopia component allows attackers to exploit an insecure user creation policy. This can enable unauthorized individuals to hijack npm packages or host arbitrary files, posing significant security risks. The issue highlights the need for enhanced user management and control to protect against potential threats.

References

http://www.securityfocus.com/bid/96206
vdb-entryx_refsource_BID
https://erpscan.io/advisories/erpscan-17-009-sap-hana-sin...
x_refsource_MISC
https://erpscan.io/press-center/blog/sap-cyber-threat-int...
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.