Operating System Command Execution Vulnerability in SAP HANA Database
CVE-2019-0357

6.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Hana
Vendor: CVE Published:; 10 September 2019

Summary

An issue exists in the SAP HANA database where the administrator can exploit the system to execute commands with root privileges on the operating system. This vulnerability affects SAP HANA versions prior to 1.0 and 2.0, enabling unauthorized access and potential manipulation of critical system functions.

Affected Version(s)

SAP HANA < 1.0 < 1.0

SAP HANA < 2.0 < 2.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2829681

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2019
Vulnerability Reserved
Nov 26, 2018