CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-0266

HIGH
7.5
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile28.28th
Published2019年2月15日
Last Modified2024年11月21日

Vulnerability Description

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.

Affected Platforms (CPE)

📦
Sap

Hana Extended Application Services

= 1.0

References & Advisories

🔗 http://www.securityfocus.com/bid/106988
🔗 https://launchpad.support.sap.com/#/notes/2724713
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
🔗 http://www.securityfocus.com/bid/106988
🔗 https://launchpad.support.sap.com/#/notes/2724713
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

関連する脆弱性情報

CVE-2015-131110.0

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, ...

CVE-2019-02619.8

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication ...

CVE-2018-23768.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...

CVE-2018-23758.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...