CVE-2015-7828

Published: Nov 10, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.

Affected (1)

Products: Sap: Hana

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Up to 1.00

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Nov/36

Source: cve@mitre.org

https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition

Source: cve@mitre.org

http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Nov/36

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.