CVE-2018-2402

CWE-200 — Information Exposure3 documents3 sources

Severity

8.4HIGH

EPSS

0.3%

top 49.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Hana SAP Hana

Timeline

PublishedMar 14

Latest updateMay 13

Description

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages2 packages

▶NVDsap/hana1.00, 2.00+1

▶CVEListV5sap_se/sap_hana1.0, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-955r-gv79-5833: In systems using the optional capture & replay functionality of SAP HANA, 1↗2022-05-13

▶

CVEList

CVE-2018-2402: In systems using the optional capture & replay functionality of SAP HANA, 1↗2018-03-14

▶