CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/133760/SAP-HANA-hdbsql-Memory-Corruption.html
http://seclists.org/fulldisclosure/2015/Sep/109
https://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition
https://www.onapsis.com/research/security-advisories/sap-hana-multiple-memory-corruption-vulnerabilities

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:hana:1.00.091.00:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-10-15 20:59

Updated : 2015-10-16 15:02

NVD link : CVE-2015-6507

Mitre link : CVE-2015-6507

CVE.ORG link : CVE-2015-6507

JSON object : View

Products Affected

sap

hana

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.2 /10