Primary

Context

SAP HANA 2.0 Missing Authentication Vulnerability in Remote-Enabled Functions

Vulnerability

A vulnerability in SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to invoke a remote-enabled function, potentially leading to unauthorized information disclosure. This issue arises from a lack of proper authentication, which could be exploited to access sensitive data. While the vulnerability has a low impact on confidentiality, it does not affect the integrity or availability of the system.

Impact

Exploitation of this vulnerability could result in unauthorized access to information, although it does not compromise system integrity or availability.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Patch Day occurs on the second Tuesday of each month, when SAP releases security updates and patches. For more information, visit the SAP Security Patch Day page on SAP for Me.

Added: Nov 11, 2025, 1:32 AM

Updated: Nov 11, 2025, 1:32 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP HANA 2.0 Missing Authentication Vulnerability in Remote-Enabled Functions

Vulnerability

Impact

Remediation

Affected Products

SAP HANA

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating