CVE-2016-3640

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 70.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Hana DB

Timeline

PublishedAug 5

Latest updateMay 17

Description

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsap/hana_db1.00.091.00.14186593

🔴Vulnerability Details

GHSA

GHSA-gppq-cqcj-pm2v: The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1↗2022-05-17

▶

CVEList

CVE-2016-3640: The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1↗2016-08-05

▶