Sensitive Password Disclosure in SAP HANA DB by SAP
CVE-2016-3640

5.5 MEDIUM

Key Information:

Vendor: SAP
Status
Vendor
CVE Published: 5 August 2016

Summary

The Extended Application Services (XS Engine) in SAP HANA DB allows local users to access sensitive password information. This vulnerability arises from improper handling of password data in Web Dispatcher trace files, potentially exposing critical credentials to unauthorized users. The issue highlights the importance of securing logging mechanisms and enforcing strict access controls to protect sensitive information.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
