PT-2018-15509 · Sap · Sap Hana Extended Application Services
Published
2018-02-14
·
Updated
2023-12-21
·
CVE-2018-2376
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SAP HANA Extended Application Services version 1.0
Description
A controller user with SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Recommendations
For SAP HANA Extended Application Services version 1.0, restrict access to the SpaceAuditor authorization to minimize the risk of unauthorized application environment retrieval.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Hana Extended Application Services