CVE-2014-8314

Name of the Vulnerable Software and Affected Versions SAP HANA Developer Edition version 70

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, targeting specific API endpoints: "epm/admin/DataGen.xsjs" or "epm/services/multiply.xsjs" within the democontent.

Recommendations For SAP HANA Developer Edition version 70, consider disabling access to the "epm/admin/DataGen.xsjs" and "epm/services/multiply.xsjs" API endpoints until a patch is available. Restrict input to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.