CVE-2017-8915
HIGHSAP HANA XS 1.00 and 2.00 - Denial of Service via Package Filename with Special Characters
Title source: llmDescription
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96206
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-17-008-sap-hana-xs-sinopia-dos/
Third Party Advisory x_refsource_misc
https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/
Scores
CVSS v3
7.5
EPSS
0.0085
EPSS Percentile
75.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (2)
sap/hana_xs
1.00
sap/hana_xs
2.00
Published
May 23, 2017
Tracked Since
Feb 18, 2026