A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
References
Link | Resource |
---|---|
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2589129 | Permissions Required |
Configurations
History
21 Dec 2023, 04:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:* | |
First Time |
Sap hana Extended Application Services
|
Information
Published : 2018-02-14 12:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-2372
Mitre link : CVE-2018-2372
CVE.ORG link : CVE-2018-2372
JSON object : View
Products Affected
sap
- hana_extended_application_services
CWE
CWE-532
Insertion of Sensitive Information into Log File