CVE-2018-2369
First published: Wed Feb 14 2018(Updated: )
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA | =1.00 | |
| SAP HANA | =2.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP HANA vulnerability?
The vulnerability ID for this SAP HANA vulnerability is CVE-2018-2369.
What is the severity level of CVE-2018-2369?
The severity level of CVE-2018-2369 is medium, with a severity value of 5.3.
How can an unauthenticated attacker access restricted information in SAP HANA 1.00 and 2.00?
An unauthenticated attacker can misuse the authentication function of the SAP HANA server on its SQL interface to access 8 bytes of the server process memory.
Which versions of SAP HANA are affected by CVE-2018-2369?
CVE-2018-2369 affects SAP HANA 1.00 and 2.00.
Where can I find more information about CVE-2018-2369?
You can find more information about CVE-2018-2369 on securityfocus.com, blogs.sap.com, and launchpad.support.sap.com.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap hana
- version/sap hana/1.00
- version/sap hana/2.00