CVE-2016-6148

7.5 HIGH

Published: August 05, 2016 Modified: May 06, 2026

Description

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Aug/95

Source: cve@mitre.org

http://www.securityfocus.com/bid/92067

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf

Source: cve@mitre.org

Technical Description

https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/138450/SAP-HANA-DB-1.00.73.00.389160-Remote-Code-Execution.html