CVE-2017-16687
published 2017-12-12CVE-2017-16687: The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | hana_database | — | — |
| sap | hana_database | — | — |
| sap | sap_hana_extended_application_services | — | — |