CVE-2015-7726

Name of the Vulnerable Software and Affected Versions SAP HANA DB version 1.00.091.00.1418659308

Description The issue exists due to insufficient protection of the web page structure in the Development Workbench component of the SAP HANA database management system. This allows a remote attacker to execute arbitrary web or HTML code. The vulnerability can be exploited through a cross-site scripting (XSS) attack in role deletion, where an authenticated user can inject arbitrary web script or HTML via the role name variable.

Recommendations For SAP HANA DB version 1.00.091.00.1418659308, update the system according to the guidance provided in SAP Security Note 2153898 to resolve the issue. As a temporary workaround, consider restricting access to the Development Workbench and limiting the ability to delete roles to minimize the risk of exploitation. Avoid using the role name variable in the affected API endpoint until the issue is resolved.