CVE-2016-3640

Опубликовано: 05 авг. 2016

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

Ссылки

http://www.securityfocus.com/bid/92068
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf
Technical Description
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure
Permissions Required
Third Party Advisory
http://www.securityfocus.com/bid/92068
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf
Technical Description
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:hana_db:1.00.091.00.14186593:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-gppq-cqcj-pm2v