CNNVD-202511-1294 Information
CNNVD ID
CNNVD-202511-1294
Related CVE
- CNNVD Published: 2025-11-11
Description (Chinese)
SAP HANA是德国思爱普(SAP)公司的一套高性能的实时数据分析平台。该平台提供数据查询功能,支持用户对查询实时业务数据进行查询和分析。 SAP HANA存在代码注入漏洞,该漏洞源于连接属性值验证不足,可能导致未经授权的代码加载,影响应用程序的机密性和完整性,并严重影响可用性。
Description (English)
SAP HANA is a high-performance real-time data analysis platform for SAP Germany. The platform provides data queries to support users in searching and analysing real-time operational data. SAP HANA has a code-infusion loophole, which stems from inadequate authentication of connection attribute values, which may lead to unauthorized code loading, affect the confidentiality and integrity of the application and seriously affect availability.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
思爱普
Published
2025-11-11
Last Modified
2026-02-24
References
https://me.sap.com/notes/3643385 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2025-42895
Patch
https://url.sap/sapsecuritypatchday
Share on: