PT-2018-15508 · Sap · Sap Hana Extended Application Services
Published
2018-02-14
·
Updated
2023-12-21
·
CVE-2018-2375
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SAP HANA Extended Application Services version 1.0
Description
A controller user with SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Recommendations
For SAP HANA Extended Application Services version 1.0, consider restricting the SpaceAuditor authorization to prevent unauthorized access to application environments.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Hana Extended Application Services