Back to search
CVE-2015-7725
Published: Oct 15, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20150929 [Onapsis Security Advisory 2015-023] SAP HANA Drop Credentials SQL injection
mailing-list
x_refsource_FULLDISC
20150929 [Onapsis Security Advisory 2015-016] SAP HANA SQL injection in _newUser function
mailing-list
x_refsource_FULLDISC
20150929 [Onapsis Security Advisory 2015-015] SAP HANA SQL injection in _modifyUser function
mailing-list
x_refsource_FULLDISC
20150929 [Onapsis Security Advisory 2015-018] SAP HANA SQL injection in, setTraceLevelsForXsApps function
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now