ByteOS Network

CVE Vulnerability Details :

CVE-2015-7725

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-15 Oct, 2015 | 20:00

Updated At-06 Aug, 2024 | 07:58

▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

References

Hyperlink	Resource
http://packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.html	x_refsource_MISC
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-modifyuser	x_refsource_MISC
https://www.onapsis.com/research/security-advisories/sap-hana-drop-credentials-sql-injection	x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Sep/118	mailing-list x_refsource_FULLDISC
http://packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.html	x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Sep/111	mailing-list x_refsource_FULLDISC
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-newuser	x_refsource_MISC
https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition	x_refsource_MISC
http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html	x_refsource_MISC
https://www.onapsis.com/research/security-advisories/sap-sql-injection-settracelevelsforxsapps	x_refsource_MISC
http://packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.html	x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Sep/110	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2015/Sep/113	mailing-list x_refsource_FULLDISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.html	x_refsource_MISC x_transferred
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-modifyuser	x_refsource_MISC x_transferred
https://www.onapsis.com/research/security-advisories/sap-hana-drop-credentials-sql-injection	x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Sep/118	mailing-list x_refsource_FULLDISC x_transferred
http://packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.html	x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Sep/111	mailing-list x_refsource_FULLDISC x_transferred
https://www.onapsis.com/research/security-advisories/sap-hana-sql-injection-newuser	x_refsource_MISC x_transferred
https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html	x_refsource_MISC x_transferred
https://www.onapsis.com/research/security-advisories/sap-sql-injection-settracelevelsforxsapps	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.html	x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Sep/110	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2015/Sep/113	mailing-list x_refsource_FULLDISC x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References