PT-2017-2362 · Sap · Sap Hana Db

Published

2017-04-13

Updated

2017-04-20

CVE-2016-6143

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP HANA DB version 1.00.73.00.389160

Description The issue is related to inadequate access control in the SAP HANA database management system. It allows remote attackers to execute arbitrary code via vectors involving the audit logs.

Recommendations For SAP HANA DB version 1.00.73.00.389160, consider restricting access to the audit logs as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2017-01562

CVE-2016-6143

Affected Products

Sap Hana Db

PT-2017-2362 · Sap · Sap Hana Db

CVE-2016-6143

Weakness Enumeration

Related Identifiers

Affected Products

References · 6