Computer Security
[EN] securityvulns.ru no-pyccku


SAP Hana security vulnerabilities
Published:01.06.2015
Source:
SecurityVulns ID:14503
Type:remote
Threat Level:
6/10
Description:Information spoofing, information disclosure.
Affected:SAP : HANA DB 1.00
CVE:CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.)
 CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.)
Original documentdocumentOnapsis Research Labs, [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement (01.06.2015)
 documentOnapsis Research Labs, [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability (01.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod