Sensitive Data Exposure in SAP HANA Extended Application Services
CVE-2018-2374

6.5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Hana Extended Application Services
Vendor
CVE Published:
14 February 2018

Summary

A vulnerability in SAP HANA Extended Application Services allows a controller user with SpaceAuditor authorization to access sensitive application data, including service bindings, within a designated space. This flaw poses a risk of unauthorized data retrieval, potentially compromising the integrity and confidentiality of the application.

Affected Version(s)

SAP HANA Extended Application Services 1.0

References

http://www.securityfocus.com/bid/103018
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2589129
x_refsource_CONFIRM
https://blogs.sap.com/2018/02/13/sap-security-patch-day-f...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.