CVE-2017-8915

Name of the Vulnerable Software and Affected Versions SAP HANA XS versions 1.00 through 2.00

Description The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and service crash. This can be achieved by pushing a package with a filename containing a $ (dollar sign) or % (percent) character.

Recommendations For SAP HANA XS versions 1.00 through 2.00, consider restricting package uploads to prevent filenames with $ or % characters until a fix is available. As a temporary workaround, monitor service stability and be prepared to restart the service in case of a crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.