CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0266

HIGH
7.5
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile28.28th
PublishedFeb 15, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.

Affected Platforms (CPE)

πŸ“¦
Sap

Hana Extended Application Services

= 1.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106988
πŸ”— https://launchpad.support.sap.com/#/notes/2724713
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
πŸ”— http://www.securityfocus.com/bid/106988
πŸ”— https://launchpad.support.sap.com/#/notes/2724713
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Related Vulnerabilities

CVE-2015-131110.0

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, ...

CVE-2019-02619.8

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication ...

CVE-2018-23768.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...

CVE-2018-23758.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...