Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-3640

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

Published

2016-08-05T14:59:07.720

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	hana_db	1.00.091.00.14186593	Yes

References

http://www.securityfocus.com/bid/92068 Third Party Advisory, VDB Entry ([email protected])
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf Technical Description ([email protected])
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition Third Party Advisory ([email protected])
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure Permissions Required, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/92068 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf Technical Description (af854a3a-2127-422b-91ae-364da2661108)
https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.onapsis.com/research/security-advisories/sap-hana-password-disclosure Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)