CVE-2019-0266

CWE-532Log File Information Exposure3 documents3 sources
Severity
7.5HIGH
EPSS
0.4%
top 41.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Hana Extended Application Services
Timeline
PublishedFeb 15
Latest updateMay 13

Description

Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7vvm-24cg-qmw6: Under certain conditions SAP HANA Extended Application Services, version 12022-05-13
CVEList
CVE-2019-0266: Under certain conditions SAP HANA Extended Application Services, version 12019-02-15
CVE-2019-0266 (HIGH CVSS 7.5) | Under certain conditions SAP HANA E | cvebase.io