PT-2019-11218 · Sap · Sap Hana

Published: 2019-04-10 · Updated: 2019-04-11 · CVE-2019-0284

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SAP HANA versions prior to 1.0; SAP HANA versions prior to 2.0
Description: The issue concerns insufficient validation of an XML document accepted from an untrusted source in SLD Registration. An attacker can exploit this by calling SLDREG with a malicious XML file containing a reference to an XML External Entity (XXE). This can lead to SLDREG continuously looping, reading arbitrary files, or even sending local files.
Recommendations: For versions prior to 1.0, update to version 1.0 to resolve the issue. For versions prior to 2.0, update to version 2.0 to resolve the issue.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2019-0284

Affected Products

Sap Hana