Unauthenticated SQL Injection Vulnerability in SAP HANA Extended Application Services, 1.0

Unauthenticated SQL Injection Vulnerability in SAP HANA Extended Application Services, 1.0

CVE-2018-2373 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.