Vulnerability Description
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Hana | <= 1.00 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.h
- http://seclists.org/fulldisclosure/2015/Nov/36
- https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
- http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.h
- http://seclists.org/fulldisclosure/2015/Nov/36
- https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
FAQ
What is CVE-2015-7828?
CVE-2015-7828 is a vulnerability with a CVSS score of 10.0 (HIGH). SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydi...
How severe is CVE-2015-7828?
CVE-2015-7828 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7828?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Hana.