CVE-2015-7828

EPSS 3.56%
Published 10.11.2015 17:59:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Hana Updatesp10 Version <= 1.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.56%	0.873

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html

http://seclists.org/fulldisclosure/2015/Nov/36

https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition

https://nvd.nist.gov/vuln/detail/CVE-2015-7828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7828

EUVD