CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7993

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2015/Nov/39
https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015
https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based
http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2015/Nov/39
https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015
https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based

Products affected by CVE-2015-7993

Sap » Hana » Version: 1.00.73.00.389160

cpe:2.3:a:sap:hana:1.00.73.00.389160

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7993

Products

Pricing

Contact Us