CVE-2016-3640

MEDIUM

SAP HANA DB <1.00.091.00.1418659308 - Info Disclosure

Title source: llm

Description

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

References (4)

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 29.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200
Status draft

Affected Products (1)

sap/hana_db

Timeline

Published Aug 05, 2016
Tracked Since Feb 18, 2026