Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2072

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-2072
Last Modified 02 Mar 2015 02:11:20
Published 27 Feb 2015 10:59:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2072

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.

Vulnerable Systems

Application

  • Sap Hana 1.00.73.00.389160

  • Sap Hana 1.00.80.00.391861


References

BID - 72773

BUGTRAQ - 20150225 [Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

MISC - http://packetstormsecurity.com/files/130519/SAP-HANA-Web-based-Development-Workbench-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:07:58