CVE-2016-3640

Published: Aug 5, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

Affected (1)

Products: Sap: Hana Db

Sap

1 product

Hana Db

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana Db	Version 1.00.091.00.14186593

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/92068

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf

Source: cve@mitre.org

Technical Description

https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition

Source: cve@mitre.org

Third Party Advisory

https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://www.securityfocus.com/bid/92068

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.