CVE-2014-5171

high

Description

SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

References

https://service.sap.com/sap/support/notes/1963932

http://www.securityfocus.com/bid/68947

http://www.securityfocus.com/archive/1/532940/100/0/threaded

http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-021

http://seclists.org/fulldisclosure/2014/Jul/149

http://scn.sap.com/docs/DOC-8218

http://packetstormsecurity.com/files/127666/SAP-HANA-XS-Missing-Encryption.html

Details

Source: Mitre, NVD

Published: 2014-07-31

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00441

Detections

Analytics