SAP HANA HTTP Login Remote Code Execution Vulnerabilities
The information has been provided by Nahuel D. Sainchez.
* SAP HANA Database 1.00.73.00.389160and earlier
* SAP HANA Database 1.00.73.00.389160 and later
By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.
Original release date: 11/10/2015
Last revised: 11/12/2015