First published: Fri May 29 2015(Updated: )
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP HANA | =1.00.73.00.389160 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-3994 has a medium severity rating due to its potential impact on log integrity.
To fix CVE-2015-3994, apply the latest SAP HANA patches that address this vulnerability.
CVE-2015-3994 affects remote authenticated users of SAP HANA DB version 1.00.73.00.389160.
CVE-2015-3994 is classified as a log injection vulnerability that allows spoofing of log entries.
CVE-2015-3994 was disclosed in May 2015.