PT-2018-15507 · Sap · Sap Hana Extended Application Services
Published
2018-02-14
·
Updated
2023-12-21
·
CVE-2018-2374
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP HANA Extended Application Services version 1.0
Description
A controller user with SpaceAuditor authorization in a specific space could retrieve sensitive application data, such as service bindings, within that space.
Recommendations
For SAP HANA Extended Application Services version 1.0, restrict access to the SpaceAuditor authorization to minimize the risk of sensitive data retrieval.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Hana Extended Application Services