CVE-2016-6149

MEDIUM

SAP HANA SPS09 1.00.091.00.14186593 - Info Disclosure

Title source: llm

Description

SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.

References (6)

[Mailing List] http://seclists.org/fulldisclosure/2016/Aug/108

[Mailing List] http://seclists.org/fulldisclosure/2016/Aug/97

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92061

[Third Party Advisory] https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016

[Permissions Required, Third Party Advisory] https://www.onapsis.com/research/security-advisories/sap-hana-information-disclosure-export

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/138456/SAP-HANA-SPS09-1.00.091.00.1418659308-EXPORT-Information-Disclosure.html

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

sap/hana_sps09

Timeline

Published Aug 05, 2016

Tracked Since Feb 18, 2026