CVE-2018-2497

Name of the Vulnerable Software and Affected Versions: SAP HANA versions 1.0 and 2.0

Description: The issue concerns the security audit log of SAP HANA, which fails to log SELECT events when these events are part of a statement with the syntax CREATE TABLE table name AS SELECT. This is due to insufficient input validation in the security audit log. The exploitation of this issue may allow a remote attacker to bypass existing security restrictions.

Recommendations: For SAP HANA versions 1.0 and 2.0, consider implementing additional logging mechanisms to track SELECT events within CREATE TABLE statements until a fix is available. As a temporary workaround, restrict access to the CREATE TABLE statement to minimize the risk of exploitation.