CVE-2015-3994Improper Input Validation in SAP Hana

CWE-20Improper Input Validation3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 51.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Hana
Timeline
PublishedMay 29
Latest updateMay 14

Description

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDsap/hana1.00.73.00.389160

🔴Vulnerability Details

2
GHSA
GHSA-c8xv-5cpm-rx3x: The grant2022-05-14
CVEList
CVE-2015-3994: The grant2015-05-29
CVE-2015-3994 — Improper Input Validation in SAP Hana | cvebase