CVE-2015-7728

Name of the Vulnerable Software and Affected Versions SAP HANA DB version 1.00.73.00.389160

Description The issue is related to a cross-site scripting (XSS) vulnerability in the user creation functionality of the Web-based Development Workbench in SAP HANA DB. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the username. The vulnerability exists due to insufficient protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary web or HTML code.

Recommendations For SAP HANA DB version 1.00.73.00.389160, consider restricting access to the user creation functionality in the Web-based Development Workbench until a fix is available. As a temporary workaround, avoid using the username field in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.