CVE-2015-7727

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 30.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Hana
Timeline
PublishedOct 15
Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDsap/hana1.00.73.00.389160

🔴Vulnerability Details

2
GHSA
GHSA-r845-qvc2-96fh: Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 12022-05-17
CVEList
CVE-2015-7727: Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 12015-10-15
CVE-2015-7727 (MEDIUM CVSS 6.5) | Multiple SQL injection vulnerabilit | cvebase.io