CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7725

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.1%

CVSS Severity

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html
http://packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.html
http://packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.html
http://packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Sep/110
http://seclists.org/fulldisclosure/2015/Sep/111
http://seclists.org/fulldisclosure/2015/Sep/113
http://seclists.org/fulldisclosure/2015/Sep/118
https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
https://www.onapsis.com/research/security-advisories/sap-hana-drop-credentials-sql-injection
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-modifyuser
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-newuser
https://www.onapsis.com/research/security-advisories/sap-sql-injection-settracelevelsforxsapps
http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html
http://packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.html
http://packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.html
http://packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Sep/110
http://seclists.org/fulldisclosure/2015/Sep/111
http://seclists.org/fulldisclosure/2015/Sep/113
http://seclists.org/fulldisclosure/2015/Sep/118
https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
https://www.onapsis.com/research/security-advisories/sap-hana-drop-credentials-sql-injection
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-modifyuser
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-newuser
https://www.onapsis.com/research/security-advisories/sap-sql-injection-settracelevelsforxsapps

Products affected by CVE-2015-7725

Sap » Hana » Version: 1.00.091.00

cpe:2.3:a:sap:hana:1.00.091.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7725

Products

Pricing

Contact Us