CVE-2018-2402

Published: Mar 14, 2018Modified: Nov 21, 2024

8.4

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.7 / Impact: 6.0

Source: NVD

Description

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

Affected (2)

Products: Sap: Hana

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.00
Sap Hana	Version 2.00

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/103369

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2587369

Source: cna@sap.com

Permissions RequiredVendor Advisory

http://www.securityfocus.com/bid/103369

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2587369

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.