CVE-2025-42895

MEDIUM

SAP HANA JDBC Client - Code Injection

Title source: llm

Description

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.

Scores

CVSS v3: 6.9
EPSS: 0.0001
EPSS Percentile: 3.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-94
Status: published
Products (1): SAP_SE/SAP HANA JDBC Client HDB_CLIENT 2.0
Published: Nov 11, 2025
Tracked Since: Feb 18, 2026