Computer Security
[EN] no-pyccku

SAP Hana security vulnerabilities
SecurityVulns ID:14503
Threat Level:
Description:Information spoofing, information disclosure.
Affected:SAP : HANA DB 1.00
CVE:CVE-2015-3995 (SAP HANA DB (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.)
 CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.)
Original documentdocumentOnapsis Research Labs, [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement (01.06.2015)
 documentOnapsis Research Labs, [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability (01.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod