CVE-2016-3639

MEDIUM

SAP HANA DB <1.00.091.00.1418659308 - Info Disclosure

Title source: llm

Description

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.

References (4)

[Permissions Required, Third Party Advisory] http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure

[Third Party Advisory] http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html

[Third Party Advisory] http://seclists.org/fulldisclosure/2016/Aug/83

[Third Party Advisory] http://www.securityfocus.com/bid/92547

Scores

CVSS v3 4.3

EPSS 0.0036

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

n/a/n/a

sap/hana_db

Timeline

Published Sep 26, 2016

Tracked Since Feb 18, 2026