Vulnerability CVE-2016-3640
Published: 2016-08-05

Description:
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SAP -> Hana db 

 References:
http://www.securityfocus.com/bid/92068
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure
Copyright 2024, cxsecurity.com

 

Back to Top