Skip to main content

Hana CVE-2015-7728

LOW
Cross-site Scripting (XSS) (CWE-79)
2015-10-15 cve@mitre.org
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 15, 2015 - 20:59 cve.org
LOW 3.5

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.

AnalysisAI

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. Affected products include: Sap Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Hana

View all
CVE-2016-1928 CRITICAL
9.8 Jan 20

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execu

CVE-2015-7986 HIGH POC
7.5 Oct 27

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a deni

CVE-2016-6142 HIGH POC
7.5 Sep 26

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYS

CVE-2016-6143 CRITICAL
9.8 Apr 13

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, ak

CVE-2015-7828 CRITICAL
10.0 Nov 10

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitra

CVE-2016-6150 CRITICAL
9.8 Aug 05

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote at

CVE-2021-21484 CRITICAL
9.8 Mar 09

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured

CVE-2016-1929 CRITICAL
9.3 Jan 20

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of

CVE-2018-2402 HIGH
8.4 Mar 14

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more

CVE-2015-2072 MEDIUM POC
4.3 Feb 27

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.

CVE-2016-6144 HIGH
8.1 Aug 05

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when t

CVE-2016-6148 HIGH
7.5 Aug 05

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbi

Share

CVE-2015-7728 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy