CVE-2017-8914
HIGHSAP HANA XS - Arbitrary File Hosting via Insecure User Creation Policy
Title source: llmDescription
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96206
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/
Third Party Advisory x_refsource_misc
https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/
Scores
CVSS v3
8.3
EPSS
0.0049
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
Status
published
Products (2)
sap/hana_xs
1.00
sap/hana_xs
2.00
Published
May 23, 2017
Tracked Since
Feb 18, 2026