Unrated severityNVD Advisory· Published Oct 15, 2015· Updated May 6, 2026

CVE-2015-7725

Description

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.

Affected products

SAP/Hana
cpe:2.3:a:sap:hana:1.00.091.00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.htmlnvd
packetstormsecurity.com/files/133762/SAP-HANA-_newUser-SQL-Injection.htmlnvd
packetstormsecurity.com/files/133764/SAP-HANA-setTraceLevelsForXsApps-SQL-Injection.htmlnvd
packetstormsecurity.com/files/133769/SAP-HANA-Drop-Credentials-SQL-Injection.htmlnvd
seclists.org/fulldisclosure/2015/Sep/110nvd
seclists.org/fulldisclosure/2015/Sep/111nvd
seclists.org/fulldisclosure/2015/Sep/113nvd
seclists.org/fulldisclosure/2015/Sep/118nvd
www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-editionnvd
www.onapsis.com/research/security-advisories/sap-hana-drop-credentials-sql-injectionnvd
www.onapsis.com/research/security-advisories/sap-hana-sql-injection-modifyusernvd
www.onapsis.com/research/security-advisories/sap-hana-sql-injection-newusernvd
www.onapsis.com/research/security-advisories/sap-sql-injection-settracelevelsforxsappsnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000