The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/92068 | Third Party Advisory VDB Entry |
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf | Technical Description |
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition | Third Party Advisory |
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure | Permissions Required Third Party Advisory |
Configurations
History
No history.
Information
Published : 2016-08-05 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-3640
Mitre link : CVE-2016-3640
CVE.ORG link : CVE-2016-3640
JSON object : View
Products Affected
sap
- hana_db
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor