CVE-2015-7727: SQL Injection
First published: Thu Oct 15 2015(Updated: )
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA | =1.00.73.00.389160 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/133766/SAP-HANA-Trace-Configuration-SQL-Injection.html
- http://packetstormsecurity.com/files/133768/SAP-HANA-getSqlTraceConfiguration-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Sep/115
- http://seclists.org/fulldisclosure/2015/Sep/117
- http://www.onapsis.com/research/security-advisories/SAP-HANA-Trace-configuration-SQL-injection
- https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
- https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-getsqltraceconfiguration-function
- collector/nvd-index
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap hana
- version/sap hana/1.00.73.00.389160