CVE-2019-0364

Name of the Vulnerable Software and Affected Versions SAP HANA Extended Application Services versions prior to 1.0.118

Description The issue is related to insufficient input validation in the SAP HANA Extended Application Services development tool. This can be exploited by a remote attacker to gain unauthorized access to the list of open ports. Attackers may misuse an HTTP/REST endpoint to enumerate open ports.

Recommendations For versions prior to 1.0.118, update to version 1.0.118 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/REST endpoint to minimize the risk of exploitation.