CVE-2017-8915

7.5HIGH

Key Information:

Vendor: SAP
Status: Hana Xs
Vendor: CVE Published:; 23 May 2017

Summary

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.

References

http://www.securityfocus.com/bid/96206

vdb-entryx_refsource_BID

https://erpscan.io/advisories/erpscan-17-008-sap-hana-xs-...

x_refsource_MISC

https://erpscan.io/press-center/blog/sap-cyber-threat-int...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2017
Vulnerability Reserved
May 12, 2017

.