CVE-2015-3994

EPSS 0.25%
Published 29.05.2015 15:59:14
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Hana Version1.00.73.00.389160

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.456

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/132067/SAP-HANA-Log-Injection.html

http://seclists.org/fulldisclosure/2015/May/118

http://www.onapsis.com/research/security-advisories/SAP-HANA-Log-Injection-Vulnerability-in-Extended-Application-Services

http://www.securityfocus.com/archive/1/535618/100/0/threaded

http://www.securityfocus.com/bid/74859

https://nvd.nist.gov/vuln/detail/CVE-2015-3994

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3994

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3994

EUVD