CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
saphana_xs
1.00
saphana_xs
2.00
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/96206
https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/
https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/
http://www.securityfocus.com/bid/96206
https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/
https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/