Description
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
References (4)
Core 4
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/138441/SAP-HANA-DB-1.00.73.00.389160-SAP-Protocol-Audit-Injection.html
Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/89
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92566
Third Party Advisory x_refsource_misc
http://onapsis.com/research/security-advisories/sap-hana-arbitrary-audit-injection-sql-protocol
Scores
CVSS v3
7.5
EPSS
0.0122
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
sap/hana
1.00.73.00.389160
Published
Sep 26, 2016
Tracked Since
Feb 18, 2026