CVE-2015-2072: XSS
First published: Fri Feb 27 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA | =1.00.73.00.389160 | |
| SAP HANA | =1.00.80.00.391861 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2072?
CVE-2015-2072 is classified as a moderate severity vulnerability due to its potential impact on web application security.
How do I fix CVE-2015-2072?
To fix CVE-2015-2072, update SAP HANA to version 1.00.80.00.391861 or later to mitigate the cross-site scripting vulnerabilities.
What are the impacted versions for CVE-2015-2072?
CVE-2015-2072 affects SAP HANA versions 1.00.73.00.389160 and 1.00.80.00.391861.
What type of vulnerability is CVE-2015-2072?
CVE-2015-2072 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious web scripts into affected applications.
Who can be affected by CVE-2015-2072?
Remote attackers can exploit CVE-2015-2072 to inject arbitrary web scripts into applications using vulnerable versions of SAP HANA.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sap
- canonical/sap hana
- version/sap hana/1.00.73.00.389160
- version/sap hana/1.00.80.00.391861