[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability

May 27, 2015 007admin Leave a comment

Posted by Onapsis Research Labs on May 27

Onapsis Security AdvisoryONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability

1. Impact on Business
=====================

Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log
injection, allowing remote authenticated attackers to write arbitrary
information in log files.
This could be used to corrupt log files or add fake content misleading
an administrator.

Risk Level: Medium

2. Advisory Information…

007 Software

[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability

Leave a Reply Cancel reply

Software and Security Information