CVE-2015-7828: Input Validation
First published: Tue Nov 10 2015(Updated: )
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA Database | <=1.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7828?
CVE-2015-7828 has a critical severity level due to the lack of authentication allowing remote code execution.
How do I fix CVE-2015-7828?
To fix CVE-2015-7828, upgrade to SAP HANA Database version 1.00 SPS11 or later.
What software is affected by CVE-2015-7828?
CVE-2015-7828 affects SAP HANA Database versions 1.00 SPS10 and earlier.
What type of attacks can exploit CVE-2015-7828?
CVE-2015-7828 can be exploited by remote attackers to execute arbitrary code via TrexNet packets.
Is authentication required for accessing SAP HANA Database when CVE-2015-7828 is present?
No, CVE-2015-7828 indicates that authentication is not required, allowing unauthorized access.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap hana database
- version/sap hana database/1.00