Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7986

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.5HIGH

EPSS

27.3%

top 3.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SAP Hana

Timeline

PublishedOct 27

Latest updateMay 14

Description

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsap/hana1.00.095

🔴Vulnerability Details

GHSA

GHSA-m36h-392c-pfv3: The index server (hdbindexserver) in SAP HANA 1↗2022-05-14

▶

CVEList

CVE-2015-7986: The index server (hdbindexserver) in SAP HANA 1↗2015-10-27

▶

💥Exploits & PoCs

Exploit-DB

SAP HANA 1.00.095 - hdbindexserver Memory Corruption↗2016-01-28

▶