NVD

Id
28200  
Name
CVE-2015-7729  
Description
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-10-15  
Modified Date
2015-10-16  
Seq
2015-7729  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
148272 28200 CVE-2015-7729 http://packetstormsecurity.com/files/133763/SAP-HANA-test-net.xsjs-Code-Injection.html  View
148273 28200 CVE-2015-7729 20150929 [Onapsis Security Advisory 2015-017] SAP HANA XSJS Code Injection in test-net.xsjs  View
148274 28200 CVE-2015-7729 https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition  View
148275 28200 CVE-2015-7729 https://www.onapsis.com/research/security-advisories/sap-hana-xsjs-code-injection-test-net  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
10007 JVNDB-2015-005327 SAP HANA Developer Edition DB の Web-based Development Workbench の test-net.xsjs における Eval インジェクションの脆弱性 SAP HANA Developer Edition DB の Web-based Development Workbench の test-net.xsjs には、Eval インジェクションの脆弱性が存在します。 CVE-2015-7729 84954 CVE-2015-7729 28200 6.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005327.html 2015-05-12 2015-10-19 View