CVE-2015-7729

CWE-94 — Code Injection3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 34.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Hana

Timeline

PublishedOct 15

Latest updateMay 17

Description

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsap/hana1.00.091.00

🔴Vulnerability Details

GHSA

GHSA-vfv7-68jw-2rq6: Eval injection in test-net↗2022-05-17

▶

CVEList

CVE-2015-7729: Eval injection in test-net↗2015-10-15

▶