Skip to main content

Hana CVE-2015-3994

MEDIUM
Improper Input Validation (CWE-20)
2015-05-29 cve@mitre.org
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
May 29, 2015 - 15:59 cve.org
MEDIUM 4.0

DescriptionCVE.org

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.

AnalysisAI

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. Affected products include: Sap Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hana

View all
CVE-2016-1928 CRITICAL
9.8 Jan 20

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execu

CVE-2015-7986 HIGH POC
7.5 Oct 27

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a deni

CVE-2016-6142 HIGH POC
7.5 Sep 26

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYS

CVE-2016-6143 CRITICAL
9.8 Apr 13

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, ak

CVE-2015-7828 CRITICAL
10.0 Nov 10

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitra

CVE-2016-6150 CRITICAL
9.8 Aug 05

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote at

CVE-2021-21484 CRITICAL
9.8 Mar 09

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured

CVE-2016-1929 CRITICAL
9.3 Jan 20

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of

CVE-2018-2402 HIGH
8.4 Mar 14

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more

CVE-2015-2072 MEDIUM POC
4.3 Feb 27

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.

CVE-2016-6144 HIGH
8.1 Aug 05

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when t

CVE-2016-6148 HIGH
7.5 Aug 05

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbi

Share

CVE-2015-3994 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy