CVE-2016-6148

Published: Aug 5, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

Affected (1)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.00.73.00.389160

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Aug/95

Source: cve@mitre.org

http://www.securityfocus.com/bid/92067

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf

Source: cve@mitre.org

Technical Description

https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html