CVE-2016-6142

CVE-2016-6142

EPSS 2.9%

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://onapsis.com/research/security-advisories/sap-hana-arbitrary-audit-injection-sql-protocol http://packetstormsecurity.com/files/138441/SAP-HANA-DB-1.00.73.00.389160-SAP-Protocol-Audit-Injection.html http://seclists.org/fulldisclosure/2016/Aug/89 http://www.securityfocus.com/bid/92566