Onapsis Security Advisory – SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.

Onapsis Security Advisory – SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.

Onapsis Security Advisory – SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users, who won’t be able to perform their assigned business operations.

Onapsis Security Advisory – SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.