Vulnerability Description
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Hana Extended Application Services | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html
- http://scn.sap.com/docs/DOC-8218
- http://seclists.org/fulldisclosure/2014/Jul/149
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021
- http://www.securityfocus.com/archive/1/532940/100/0/threaded
- http://www.securityfocus.com/bid/68947
- https://service.sap.com/sap/support/notes/1963932
- http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html
- http://scn.sap.com/docs/DOC-8218
- http://seclists.org/fulldisclosure/2014/Jul/149
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021
- http://www.securityfocus.com/archive/1/532940/100/0/threaded
- http://www.securityfocus.com/bid/68947
- https://service.sap.com/sap/support/notes/1963932
FAQ
What is CVE-2014-5171?
CVE-2014-5171 is a vulnerability with a CVSS score of 2.9 (LOW). SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other...
How severe is CVE-2014-5171?
CVE-2014-5171 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5171?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Hana Extended Application Services.