CVE-2017-16687

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Hana Extended Application Services
Vendor: CVE Published:; 12 December 2017

Summary

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Affected Version(s)

SAP HANA extended application services SAP HANA Database 1.00, 2.00

References

https://blogs.sap.com/2017/12/12/sap-security-patch-day-d...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2549983

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102152

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2017
Vulnerability Reserved
Nov 9, 2017

.