SAP

Hana

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-7991

  • EPSS 0.21%
  • Veröffentlicht 10.11.2015 17:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.

10

CVE-2015-7828

  • EPSS 3.56%
  • Veröffentlicht 10.11.2015 17:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv...

7.5

CVE-2015-7986

Exploit
  • EPSS 25.85%
  • Veröffentlicht 27.10.2015 16:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

6.5

CVE-2015-7729

  • EPSS 0.49%
  • Veröffentlicht 15.10.2015 20:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.

3.5

CVE-2015-7728

  • EPSS 0.18%
  • Veröffentlicht 15.10.2015 20:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Securi...

6.5

CVE-2015-7727

  • EPSS 0.6%
  • Veröffentlicht 15.10.2015 20:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration pa...

3.5

CVE-2015-7726

  • EPSS 0.18%
  • Veröffentlicht 15.10.2015 20:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2...

6.5

CVE-2015-7725

  • EPSS 1.01%
  • Veröffentlicht 15.10.2015 20:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or uns...

7.2

CVE-2015-6507

  • EPSS 0.06%
  • Veröffentlicht 15.10.2015 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.

4

CVE-2015-3995

  • EPSS 0.25%
  • Veröffentlicht 29.05.2015 15:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.