Vulnerability Details CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.9%
CVSS Severity
CVSS v2 Score 6.0
References
- http://packetstormsecurity.com/files/128597/SAP-HANA-Web-based-Development-Workbench-Code-Injection.html
- http://scn.sap.com/docs/DOC-55451
- http://seclists.org/fulldisclosure/2014/Oct/36
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-028
- http://www.securityfocus.com/archive/1/533643/100/0/threaded
- http://www.securityfocus.com/bid/70293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96879
- https://service.sap.com/sap/support/notes/2015446
- http://packetstormsecurity.com/files/128597/SAP-HANA-Web-based-Development-Workbench-Code-Injection.html
- http://scn.sap.com/docs/DOC-55451
- http://seclists.org/fulldisclosure/2014/Oct/36
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-028
- http://www.securityfocus.com/archive/1/533643/100/0/threaded
- http://www.securityfocus.com/bid/70293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96879
- https://service.sap.com/sap/support/notes/2015446