CVE-2017-16687

Published: Dec 12, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Affected (2)

Products: Sap: Hana Database

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Hana Database	Version 1.00
Sap Hana Database	Version 2.00

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/102152

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2549983

Source: cna@sap.com

Permissions RequiredVendor Advisory

http://www.securityfocus.com/bid/102152

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2549983

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.