PT-2018-15533 · Sap · Sap Hana

Published: 2018-03-14 · Updated: 2019-10-09 · CVE-2018-2402

CVSS v3.1: 8.4 (High)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP HANA versions 1.00 through 2.00

Description

The issue affects systems using the optional capture & replay functionality, where user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

Recommendations

For SAP HANA versions 1.00 through 2.00, consider restricting access to the indexserver trace files to minimize the risk of exploitation. As a temporary workaround, review and limit authorizations on the control system to prevent unauthorized access to user credentials. Refer to SAP Note 2362820 for more information about capture & replay functionality and potential mitigation measures.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-2402

Affected Products

Sap Hana