CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7725
https://notcve.org/view.php?id=CVE-2015-7725
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765. Múltiples vulnerabilidades de inyección SQL en el Web-based Development Workbench en SAP HANA DB 1.00.091.00.1418659308 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de (1) remoteSourceName en la función dropCredentials o vectores no especificados en la función (2) setTraceLevelsForXsApps, (3) _modifyUser o (4) _newUser, también conocidas como SAP Security Notes 2153898 y 2153765. • http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html http://packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.html http://packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.html http://packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Sep/110 http://seclists.org/fulldisclosure/2015/Sep/111 http://seclists.org/fulldisclosure/2015/Sep/113 http://seclists.org&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6507
https://notcve.org/view.php?id=CVE-2015-6507
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. El cliente hdbsql 1.00.091.00 Build 1418659308-1530 en SAP HANA permite a usuarios locales causar una denegación de servicio (corrupción de memoria) y posiblemente tener otro impácto no especificado a través de vectores desconocidos, también conocido como SAP Security Note 2140700. • http://packetstormsecurity.com/files/133760/SAP-HANA-hdbsql-Memory-Corruption.html http://seclists.org/fulldisclosure/2015/Sep/109 https://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition https://www.onapsis.com/research/security-advisories/sap-hana-multiple-memory-corruption-vulnerabilities • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •