CVE-2015-7994

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

2.4%

top 14.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Hana

Timeline

PublishedNov 10

Latest updateMay 17

Description

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsap/hana1.00.73.00.389160

🔴Vulnerability Details

GHSA

GHSA-vjw2-8wx2-hcvh: The SQL interface in SAP HANA DB 1↗2022-05-17

▶

CVEList

CVE-2015-7994: The SQL interface in SAP HANA DB 1↗2015-11-10

▶