CVE-2015-7727

Name of the Vulnerable Software and Affected Versions SAP HANA DB version 1.00.73.00.389160

Description The issue concerns multiple SQL injection vulnerabilities in the Web-based Development Workbench of SAP HANA DB. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The vulnerabilities are related to unspecified vectors in the trace configuration page and the getSqlTraceConfiguration function.

Recommendations For SAP HANA DB version 1.00.73.00.389160, consider restricting access to the trace configuration page and the getSqlTraceConfiguration function until a patch is available. As a temporary workaround, avoid using the getSqlTraceConfiguration function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.