CVE-2016-3640

Published on: 08/05/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of HANA DB from SAP contain the following vulnerability:

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

  • CVE-2016-3640 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS2 Score: 2.1 - LOW

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVE References

  • SAP HANA Password Disclosure | Onapsis
    Tags: Permissions Required, Third Party Advisory
    Link: MISC www.onapsis.com/research/security-advisories/sap-hana-password-disclosure (www.onapsis.com, text/html)
  • SAP HANA DB CVE-2016-3640 Local Information Disclosure Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: BID 92068 (cve.report archive, text/html)
  • Analyzing SAP Security Notes August 2015 Edition | Onapsis
    Tags: Third Party Advisory
    Link: MISC www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition (web.archive.org, text/html; inactive link, not archived)
  • Page not found - Layer Seven Security
    Tags: Technical Description
    Link: MISC layersevensecurity.com/wp-content/uploads/2015/10/Layer-Seven-Security_SAP-Security-Notes_August-2015.pdf (layersevensecurity.com, application/pdf; inactive link, not archived)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Sap | Hana Db | 1.00.091.00.14186593 | All | All | All
  • cpe:2.3:a:sap:hana_db:1.00.091.00.14186593:*:*:*:*:*:*:*