CVE-2016-6150
CRITICAL
SAP HANA - Improper Access Control via Unencrypted Communications
Title source: llm
Description
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
References (5)
Mailing List (mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2016/Aug/96
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/92064
Technical Description, Third Party Advisory (x_refsource_misc)
https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
Exploit, Third Party Advisory (x_refsource_misc)
http://packetstormsecurity.com/files/138453/SAP-HANA-DB-Encryption-Issue.html
Permissions Required, Third Party Advisory (x_refsource_misc)
https://www.onapsis.com/research/security-advisories/sap-hana-potential-wrong-encryption
Scores
CVSS v3
9.8
EPSS
0.0175
EPSS Percentile
82.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
sap/hana
Published
Aug 05, 2016
Tracked Since
Feb 18, 2026