5.3

CVE-2016-6145

EPSS 0.39%
Published 05.08.2016 14:59:17
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Hana Db Version1.00.091.00.1418659308

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components

Third Party Advisory

http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html

http://seclists.org/fulldisclosure/2016/Aug/92

Third Party Advisory

http://www.securityfocus.com/bid/92346

https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2016-6145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6145

EUVD