SAP HANA Information Disclosure

2015.05.28
Credit: onapsis
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-284


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information Disclosure via SQL IMPORT FROM statement

1. Impact on Business
=====================

Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which is restricted. This could be used to gain access to confidential information.

Risk Level: Medium

2. Advisory Information
=======================

- Public Release Date: 2015-05-27
- Subscriber Notification Date: 2015-05-27
- Last Revised: 2015-05-27
- Security Advisory ID: ONAPSIS-2015006
- Onapsis SVS ID: ONAPSIS-00142
- CVE: CVE-2015-3995
- Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Sánchez
- Initial Base CVSS v2: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

3. Vulnerability Information
============================

- Vendor: SAP A.G.
- Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL)
- Vulnerability Class: Improper Access Control (CWE-284)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Original Advisory: http://www.onapsis.com/research/security-advisories/SAP-HANA-information-disclosure-via-SQL-import-from-statement

4. Affected Components Description
==================================

SAP HANA is a platform for real-time business. It combines database, data processing, and application platform capabilities in-memory. The platform provides libraries for predictive, planning, text processing, spatial, and business analytics.

5. Vulnerability Details
========================

A remote authenticated attacker could access confidential information using a specially crafted SQL statement, which allows the attacker to read arbitrary files from the OS through the database command READ FILE IMPORT, available to be performed inside any SQL query.

6. Solution
===========

Implement SAP Security Note 2109565

7. Report Timeline
==================

2014-10-18: Onapsis provides vulnerability information to SAP AG.
2014-10-19: SAP AG confirms having the information about the vulnerability.
2015-01-13: SAP AG publishes security note 2109565 which fixes the problem.
2015-05-27: Onapsis publishes security advisory.

About Onapsis Research Labs
===========================

Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combines in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlVmDKgACgkQz3i6WNVBcDV+XgCeKE+ulvXCD/nuU4YshckzsSVd
6VsAoIAI/HV7lNQ+KyL52ssSBe2D+Zln
=/P7V
-----END PGP SIGNATURE-----

