Vulnerability Details CVE-2015-7994
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2015/Nov/40
- https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
- https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_SQL_based
- http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2015/Nov/40
- https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
- https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_SQL_based