CVE-2016-3640
MEDIUMSAP HANA DB <1.00.091.00.1418659308 - Info Disclosure
Title source: llmDescription
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure
Technical Description x_refsource_misc
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf
Third Party Advisory x_refsource_misc
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92068
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
28.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
sap/hana_db
1.00.091.00.14186593
Published
Aug 05, 2016
Tracked Since
Feb 18, 2026