CVE-2016-6859

Published: Dec 31, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace.

Affected (1)

Products: Sap: Hybris

Sap

1 product

Hybris

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hybris	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/93959

Source: cve@mitre.org

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt

Source: cve@mitre.org

http://www.securityfocus.com/bid/93959

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2016-6859_SAP-Hybris_InformationDisclosure.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.