-----BEGIN PGP SIGNED MESSAGE-----
Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement
1. Impact on Business
Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
This could be used to gain access to confidential information.
Risk Level: Medium
2. Advisory Information
- - Public Release Date: 2015-05-27
- - Subscriber Notification Date: 2015-05-27
- - Last Revised: 2015-05-27
- - Security Advisory ID: ONAPSIS-2015006
- - Onapsis SVS ID: ONAPSIS-00142
- - CVE: CVE-2015-3995
- - Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Snchez
- - Initial Base CVSS v2: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
3. Vulnerability Information
- - Vendor: SAP A.G.
- - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL)
- - Vulnerability Class: Improper Access Control (CWE-284)
- - Remotely Exploitable: Yes
- - Locally Exploitable: No
- - Authentication Required: Yes
- - Original Advisory:
4. Affected Components Description
SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.
5. Vulnerability Details
A remote authenticated attacker, could access confidential information
using specially crafted SQL statement which leads him to read
arbitrary files from the OS through the database command READ FILE
IMPORT available to be performed inside any SQL query.
Implement SAP Security Note 2109565
7. Report Timeline
2014-10-18: Onapsis provides vulnerability information to SAP AG.
2014-10-19: SAP AG confirms having the information about the
2015-01-13: SAP AG publishes security note 2109565 which fixes the
2015-05-27: Onapsis publishes security advisory.
About Onapsis Research Labs
Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth
knowledge and experience to deliver technical and business-context
with sound security judgment to the broader information security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team
-----END PGP SIGNATURE-----