SQL Injection Vulnerability in SAP HANA Extended Application Services
CVE-2018-2373
7.5HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 February 2018
What is CVE-2018-2373?
This vulnerability allows unauthenticated users to exploit a specific endpoint in the Controller's API of SAP HANA Extended Application Services, 1.0. By leveraging this flaw, attackers can execute SQL statements that reveal sensitive system configuration information. Proper security measures should be implemented to protect the API from unauthorized access and ensure that data integrity is maintained.
Affected Version(s)
SAP HANA Extended Application Services 1.0