CVE-2014-2749
SAP HANA - Exposure of Sensitive Information via Malformed HTTP GET Request
Title source: llmDescription
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66675
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/1914778
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/92325
Various Sources x_refsource_misc
http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001
Various Sources x_refsource_misc
http://www.onapsis.com/research-advisories.php
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57443
Scores
EPSS
0.0052
EPSS Percentile
66.8%
Details
CWE
CWE-200
Status
published
Products (1)
sap/hana
Published
Apr 10, 2014
Tracked Since
Feb 18, 2026