PT-2019-4581 · SAP · SAP HANA Extended Application Services

Published: 2019-06-12 · Updated: 2020-08-24 · CVE-2019-0306

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP HANA Extended Application Services (advanced model) version 1

Description

The issue is related to a lack of protection for service data in the SAP HANA Extended Application Services development tool. This allows an attacker to gain unauthorized access to a list of SAP HANA user IDs and names. Authenticated low-privileged users, such as SpaceAuditors, can execute requests to obtain this sensitive information.

Recommendations

For SAP HANA Extended Application Services (advanced model) version 1, consider restricting access to the service data to minimize the risk of exploitation. As a temporary workaround, limit the privileges of low-privileged users, such as SpaceAuditors, to prevent them from executing requests that could lead to unauthorized access to user IDs and names. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-00641
CVE-2019-0306

Affected Products

SAP HANA Extended Application Services