CVE-2018-2379

CWE-2093 documents3 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 26.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Hana Extended Application ServicesSAP Hana Extended Application Services
Timeline
PublishedFeb 14
Latest updateMay 13

Description

In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8g2w-rx55-7wg6: In SAP HANA Extended Application Services, 12022-05-13
CVEList
CVE-2018-2379: In SAP HANA Extended Application Services, 12018-02-14
CVE-2018-2379 (MEDIUM CVSS 6.5) | In SAP HANA Extended Application Se | cvebase.io