CVE-2015-7828

EUVD-2015-7726
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
saphana
𝑥
≤ 1.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html
http://seclists.org/fulldisclosure/2015/Nov/36
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html
http://seclists.org/fulldisclosure/2015/Nov/36
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition