CVE-2018-2465: Input Validation
First published: Tue Sep 11 2018(Updated: )
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA | =1.0 | |
| SAP HANA | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-2465?
The severity of CVE-2018-2465 is high.
Which versions of SAP HANA are affected by CVE-2018-2465?
SAP HANA versions 1.0 and 2.0 are affected by CVE-2018-2465.
What is the vulnerability of CVE-2018-2465?
The vulnerability in CVE-2018-2465 allows an unauthorized hacker to cause the SAP HANA database server to crash.
How can an unauthorized hacker exploit CVE-2018-2465?
An unauthorized hacker can exploit CVE-2018-2465 by not sufficiently validating XML in the SAP HANA Extended Application Services classic model OData parser.
Where can I find more information about CVE-2018-2465?
You can find more information about CVE-2018-2465 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/105324), [SAP Note](https://launchpad.support.sap.com/#/notes/2681207), [SAP Wiki](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap hana
- version/sap hana/1.0
- version/sap hana/2.0