Vulnerability Details CVE-2016-6148
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/95
- http://www.securityfocus.com/bid/92067
- https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
- https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016
- http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/95
- http://www.securityfocus.com/bid/92067
- https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
- https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016