CVE-2014-5173
SAP HANA Extended Application Services - Unauthenticated Access Restriction Bypass via Private IU5 SDK Application
Title source: llmDescription
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94931
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127667/SAP-HANA-IU5-SDK-Authentication-Bypass.html
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/150
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532944/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68950
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1964428
Scores
EPSS
0.0044
EPSS Percentile
63.3%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-264
Status
published
Products (1)
sap/hana_extended_application_services
Published
Jul 31, 2014
Tracked Since
Feb 18, 2026