CVE-2017-16687

Name of the Vulnerable Software and Affected Versions SAP HANA Database versions 1.00 and 2.00

Description The user self-service tools of SAP HANA extended application services, classic user self-service, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Recommendations For SAP HANA Database versions 1.00 and 2.00, consider restricting access to the user self-service tools to prevent enumeration of user accounts until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.