CVE-2018-2465

EPSS 2.6%
In short

SAP HANA's OData parser fails to properly validate XML input, allowing attackers to crash the database server without authentication. This vulnerability affects the Extended Application Services component in versions 1.0 and 2.0.

Technical detail

The OData parser in the SAP HANA Extended Application Services classic model does not sufficiently validate XML, so an unauthenticated attacker can submit malformed XML that triggers a denial-of-service condition and crashes the database server. The attack vector is network-based through OData endpoints, no authentication is required, and the impact is loss of availability.

Summary generated and translated by AI from the official description.
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
Affected products
SAP · SAP HANA
