CVE-2016-6150

Опубликовано: 05 авг. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.

Ссылки

http://packetstormsecurity.com/files/138453/SAP-HANA-DB-Encryption-Issue.html
http://seclists.org/fulldisclosure/2016/Aug/96
http://www.securityfocus.com/bid/92064
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
Technical Description
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-hana-potential-wrong-encryption
Permissions Required
Third Party Advisory
http://packetstormsecurity.com/files/138453/SAP-HANA-DB-Encryption-Issue.html
http://seclists.org/fulldisclosure/2016/Aug/96
http://www.securityfocus.com/bid/92064
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
Technical Description
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-hana-potential-wrong-encryption
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0175

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-7h3q-jhjr-x4rr