CVE-2014-5171
SAP HANA Extended Application Services - Unencrypted Credential Transmission via Form-Based Authentication
SAP HANA Extended Application Services (XS) does not encrypt transmissions for applications that enable form-based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
References (7)
Core References
Various Sources x_refsource_misc
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1963932
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68947
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532940/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/149
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html
Scores
EPSS
0.0040
EPSS Percentile
60.7%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-310
Status
published
Products (1)
sap/hana_extended_application_services
Published
Jul 31, 2014
Tracked Since
Feb 18, 2026