5.3

CVE-2016-6145

EPSS 0.39%
Veröffentlicht 05.08.2016 14:59:17
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Hana Db Version1.00.091.00.1418659308

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components

Third Party Advisory

http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Aug/92

Third Party Advisory

http://www.securityfocus.com/bid/92346

https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2016-6145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6145

EUVD