Nahuel Sanchez

**Name of the Vulnerable Software and Affected Versions** SAP TREX version 7.10 Revision 63 **Description** The issue allows remote attackers to obtain sensitive TNS information via an unspecified query. **Recommendations** For SAP TREX version 7.10 Revision 63, apply the fix provided in SAP Security Note 2234226 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP HANA DB version 1.00.73.00.389160 **Description** The issue allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol. **Recommendations** For SAP HANA DB version 1.00.73.00.389160, update to a version that addresses this issue, as specified in SAP Security Note 2197459.

**Name of the Vulnerable Software and Affected Versions** SAP HANA DB version 1.00.73.00.389160 **Description** The issue is related to insufficient input validation, allowing a remote attacker to cause a denial of service or execute arbitrary code via vectors related to an IMPORT statement. This can be exploited by a remote attacker to impact the system. **Recommendations** For SAP HANA DB version 1.00.73.00.389160, consider restricting access to the IMPORT statement until a patch is available. As a temporary workaround, limit the ability to execute arbitrary code by restricting user privileges on the database. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP TREX version 7.10 Revision 63 **Description** The issue allows remote attackers to execute arbitrary OS commands with SIDadm privileges. **Recommendations** For SAP TREX version 7.10 Revision 63, apply the fix provided in SAP Security Note 2234226 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP HANA version 1.00.091.00.14186593 **Description** The issue allows local users to obtain sensitive information by leveraging the EXPORT statement to export files. **Recommendations** For SAP HANA version 1.00.091.00.14186593, consider restricting access to the EXPORT statement to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP HANA hdbsql client version 1.00.091.00 Build 1418659308-1530 **Description** The issue is caused by a buffer overflow in the hdbsql client of the SAP HANA database management system. This can be exploited by a local user to cause a denial of service, potentially leading to memory corruption and other unspecified impacts. **Recommendations** For SAP HANA hdbsql client version 1.00.091.00 Build 1418659308-1530, consider applying the fix provided in SAP Security Note 2140700 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP HANA DB version 1.00.73.00.389160 **Description** The issue concerns multiple SQL injection vulnerabilities in the Web-based Development Workbench of SAP HANA DB. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The vulnerabilities are related to unspecified vectors in the trace configuration page and the getSqlTraceConfiguration function. **Recommendations** For SAP HANA DB version 1.00.73.00.389160, consider restricting access to the trace configuration page and the getSqlTraceConfiguration function until a patch is available. As a temporary workaround, avoid using the getSqlTraceConfiguration function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.