CVE-2016-6145

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 39.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Hana DB
Timeline
PublishedAug 5
Latest updateMay 17

Description

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDsap/hana_db1.00.091.00.1418659308

🔴Vulnerability Details

2
GHSA
GHSA-r2fg-8wxh-cg49: The SQL interface in SAP HANA DB 12022-05-17
CVEList
CVE-2016-6145: The SQL interface in SAP HANA DB 12016-08-05