CVE-2015-3995

Published: May 29, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.

Affected (1)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.00.73.00.389160

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/132066/SAP-HANA-Information-Disclosure.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/May/119

Source: cve@mitre.org

http://www.onapsis.com/research/security-advisories/SAP-HANA-Information-Disclosure-via-SQL-IMPORT-FROM-statement

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/535619/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/74861

Source: cve@mitre.org

http://packetstormsecurity.com/files/132066/SAP-HANA-Information-Disclosure.html