CVE-2015-7828

Name of the Vulnerable Software and Affected Versions SAP HANA Database version 1.00 SPS10 and earlier

Description The issue allows remote attackers to execute arbitrary code due to insufficient input validation. This can be achieved by sending a TrexNet packet to various methods, including fcopydir, fmkdir, frmdir, getenv, dumpenv, fcopy, fput, fdel, fmove, fget, fappend, fdir, getTraces, kill, pexec, stop, and pythonexec.

Recommendations For SAP HANA Database version 1.00 SPS10 and earlier, consider disabling the affected methods until a patch is available. Restrict access to the TrexNet packet handling functionality to minimize the risk of exploitation. Avoid using the vulnerable functions in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.