PT-2015-2431 · Sap · Sap Hana Developer Edition

Nahuel D. Sánchez +1 · Published 2015-10-15 · Updated 2015-10-16 · CVE-2015-7729

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP HANA Developer Edition DB version 1.00.091.00.1418659308

Description

The issue is an eval injection in the Web-based Development Workbench that allows remote authenticated users to execute arbitrary XSJS code. It is caused by improper control of code generation in the Development Workbench component of the SAP HANA database management system.

Recommendations

For SAP HANA Developer Edition DB version 1.00.091.00.1418659308, consider disabling the Development Workbench or restricting access to it until a fix is available. As a temporary workaround, restrict the execution of XSJS code in the Development Workbench to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2015-11796
CVE-2015-7729

Affected Products

Sap Hana Developer Edition