CVE-2015-7994

Published: Nov 10, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

Affected (1)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.00.73.00.389160

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Nov/40

Source: cve@mitre.org

https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015

Source: cve@mitre.org

https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_SQL_based

Source: cve@mitre.org

http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Nov/40

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_SQL_based

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.