[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

Hash: SHA1

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement

1. Impact on Business

Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
is restricted.
This could be used to gain access to confidential information.

Risk Level: Medium

2. Advisory Information

- - Public Release Date: 2015-05-27
- - Subscriber Notification Date: 2015-05-27
- - Last Revised: 2015-05-27
- - Security Advisory ID: ONAPSIS-2015006
- - Onapsis SVS ID: ONAPSIS-00142
- - CVE: CVE-2015-3995
- - Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Sánchez
- - Initial Base CVSS v2:  4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

3. Vulnerability Information

- - Vendor:  SAP A.G.
- - Affected Components: SAP HANA DB (NewDB100_REL)
- - Vulnerability Class: Improper Access Control (CWE-284)
- - Remotely Exploitable: Yes
- - Locally Exploitable: No
- - Authentication Required: Yes
- - Original Advisory:
- -disclosure-via-SQL-import-from-statement

4. Affected Components Description

SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.

5. Vulnerability Details

A remote authenticated attacker, could access confidential information
using specially crafted SQL statement which leads him to read
arbitrary files from the OS through the database command READ FILE
IMPORT available to be performed inside any SQL query.

6. Solution

Implement SAP Security Note 2109565

7. Report Timeline

2014-10-18: Onapsis provides vulnerability information to SAP AG.
2014-10-19: SAP AG confirms having the information about the
2015-01-13: SAP AG publishes security note 2109565 which fixes the
2015-05-27: Onapsis publishes security advisory.

About Onapsis Research Labs

Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth
knowledge and experience to deliver technical and business-context
with sound security judgment to the broader information security

Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team