Mathieu Geli

**Name of the Vulnerable Software and Affected Versions** SAP HANA (affected versions not specified) **Description** The issue is related to a buffer overflow in the XS engine of SAP HANA, which can be exploited by remote attackers via a crafted HTTP request related to JSON. This can lead to a denial of service or the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP HANA (affected versions not specified) **Description** The issue allows remote attackers to spoof log entries in trace files, potentially causing a denial of service due to disk consumption and process crash. This is achieved via a crafted HTTP request, related to an unspecified debug function. The problem exists due to insufficient input validation in the XS engine of the SAP HANA database management system. An attacker can exploit this issue to cause a denial of service using a specially formed HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Manufacturing Integration and Intelligence (MII) (affected versions not specified) **Description** The issue concerns the use of weak encryption, specifically Base64 and DES, which can be exploited by attackers to conduct downgrade attacks and decrypt passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Plant Connectivity (PCo) (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and agent crash, via crafted xMII requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP HANA version 1.00.095 **Description** The issue is caused by a buffer overflow in the index server component of the SAP HANA database management system. This allows remote attackers to execute arbitrary code or cause a denial of service via a specially crafted HTTP request. **Recommendations** For SAP HANA version 1.00.095, apply the fix as described in SAP Security Note 2197428 to resolve the issue.