CVE-2017-16687: Infoleak
First published: Tue Dec 12 2017(Updated: )
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA Database | =1.00 | |
| SAP HANA Database | =2.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-16687?
CVE-2017-16687 is a vulnerability in the user self-service tools of SAP HANA extended application services, classic user self-service, that allows an unauthenticated user to determine if a given username is valid.
What is the severity of CVE-2017-16687?
CVE-2017-16687 has a severity value of 5.3, which is considered medium.
How can the user self-service tools of SAP HANA Database be misused?
The user self-service tools of SAP HANA Database can be misused to enumerate valid and invalid user accounts.
Which versions of SAP HANA Database are affected by CVE-2017-16687?
CVE-2017-16687 affects SAP HANA Database versions 1.00 and 2.00.
How can I fix CVE-2017-16687?
To fix CVE-2017-16687, it is recommended to apply the security patch provided by SAP.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/tags
- agent/type
- vendor/sap
- canonical/sap hana database
- version/sap hana database/1.00
- version/sap hana database/2.00