CVE-2015-3995Sensitive Information Exposure in SAP Hana

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 51.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Hana
Timeline
PublishedMay 29
Latest updateMay 14

Description

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDsap/hana1.00.73.00.389160

🔴Vulnerability Details

2
GHSA
GHSA-43wj-2j22-7v74: SAP HANA DB 12022-05-14
CVEList
CVE-2015-3995: SAP HANA DB 12015-05-29
CVE-2015-3995 — Sensitive Information Exposure in SAP | cvebase