Vulnerability Details CVE-2016-1928
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.373
EPSS Ranking 97.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://seclists.org/fulldisclosure/2016/Apr/65
- http://www.securityfocus.com/archive/1/538212/100/0/threaded
- https://erpscan.io/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-dos/
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
- http://seclists.org/fulldisclosure/2016/Apr/65
- http://www.securityfocus.com/archive/1/538212/100/0/threaded
- https://erpscan.io/advisories/erpscan-16-005-sap-hana-hdbxsengine-json-dos/
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/