Vulnerability CVE-2018-2402


Published: 2018-03-14

Description:
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SAP -> HANA 

 References:
http://www.securityfocus.com/bid/103369
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2587369

Copyright 2024, cxsecurity.com

 

Back to Top