CVE-2017-16687

Опубликовано: 12 дек. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Ссылки

http://www.securityfocus.com/bid/102152
Third Party Advisory
VDB Entry
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2549983
Permissions Required
Vendor Advisory
http://www.securityfocus.com/bid/102152
Third Party Advisory
VDB Entry
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2549983
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*

cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00877

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9pcr-j2qp-ppm8