CVE-2018-2497

3 documents3 sources

Severity

2.7LOW

EPSS

0.2%

top 55.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Hana SAP Hana

Timeline

PublishedDec 11

Latest updateMay 13

Description

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/hana1.0, 2.0+1

▶CVEListV5sap/sap_hana= 1.0, = 2.0+1

🔴Vulnerability Details

GHSA

GHSA-mv23-4w7c-h7h7: The security audit log of SAP HANA, versions 1↗2022-05-13

▶

CVEList

CVE-2018-2497: The security audit log of SAP HANA, versions 1↗2018-12-11

▶