Unauthorized Information Retrieval in SAP HANA Extended Application Services
CVE-2018-2377

6.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP Hana Extended Application Services
Vendor
CVE Published:
14 February 2018

What is CVE-2018-2377?

An issue in SAP HANA Extended Application Services, version 1.0, allows unauthorized users to access general server statistics and status information. This vulnerability can potentially expose sensitive information, presenting a significant security risk. Proper security measures should be implemented to prevent unauthorized data access.

Affected Version(s)

SAP HANA Extended Application Services 1.0

References

https://launchpad.support.sap.com/#/notes/2589129
x_refsource_CONFIRM
https://blogs.sap.com/2018/02/13/sap-security-patch-day-f...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.