CVE-2019-0284 is a vulnerability in SAP Hana
Published on April 10, 2019

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files.

NVD

Products Associated with CVE-2019-0284

Want to know whenever a new CVE is published for SAP Hana? stack.watch will email you.

SAP Hana

Affected Versions

SAP SE SAP HANA:

Version < 1.0 is affected.
Version < 2.0 is affected.

Exploit Probability

EPSS

0.04%

Percentile

13.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-0284 is a vulnerability in SAP HanaPublished on April 10, 2019

Products Associated with CVE-2019-0284

Affected Versions

Exploit Probability

CVE-2019-0284 is a vulnerability in SAP Hana
Published on April 10, 2019