Описание
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7993
- https://www.onapsis.com/blog/analyzing-sap-security-notes-september-2015
- https://www.onapsis.com/research/security-advisories/SAP_HANA_Remote_Code_Execution_HTTP_based
- http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2015/Nov/39
Связанные уязвимости
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.
Уязвимость системы управления базами данных SAP HANA, позволяющая нарушителю выполнить произвольный код