5.5

CVE-2016-6149

SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPHana Sps09 Version1.00.091.00.14186593
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.4
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.onapsis.com/blog/analyzing-sap-security-notes-january-2016
Third Party Advisory
http://packetstormsecurity.com/files/138456/SAP-HANA-SPS09-1.00.091.00.1418659308-EXPORT-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Aug/108
http://seclists.org/fulldisclosure/2016/Aug/97
http://www.securityfocus.com/bid/92061
Third Party Advisory
VDB Entry
https://www.onapsis.com/research/security-advisories/sap-hana-information-disclosure-export
Third Party Advisory
Permissions Required