CVE-2015-2072

Name of the Vulnerable Software and Affected Versions SAP HANA version 1.00.73.00.389160 SAP HANA Developer Edition version 1.00.80.00.391861

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, affecting the SAP HANA and HANA Developer Edition. This can be done through the "ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs" or "xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs" endpoints.

Recommendations For SAP HANA version 1.00.73.00.389160, consider restricting access to the "ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs" and "xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs" endpoints until a fix is available. For SAP HANA Developer Edition version 1.00.80.00.391861, consider restricting access to the "ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs" and "xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs" endpoints until a fix is available.