What is the vulnerability identified as CVE-2018-2402?

The vulnerability identified as CVE-2018-2402 is related to the optional capture & replay functionality of SAP HANA 1.00 and 2.00.

How can an attacker exploit the vulnerability?

An attacker with the required authorizations can access and retrieve user credentials stored in clear text in the indexserver trace files of the control system.

Which versions of SAP HANA are affected by CVE-2018-2402?

SAP HANA 1.00 and 2.00 versions are affected by CVE-2018-2402.

What is the severity rating of CVE-2018-2402?

CVE-2018-2402 has a severity rating of 8.4 (high).

Are there any references for more information about CVE-2018-2402?

Yes, you can refer to the following links for more information: http://www.securityfocus.com/bid/103369, https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/, https://launchpad.support.sap.com/#/notes/2587369

Vulnerability/
CVE-2018-2402

high

8.4

CWE

200

14/3/2018

5/8/2024

CVE-2018-2402: Infoleak

First published: Wed Mar 14 2018(Updated: )

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP HANA Database	=1.00
SAP HANA Database	=2.00

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability identified as CVE-2018-2402?
The vulnerability identified as CVE-2018-2402 is related to the optional capture & replay functionality of SAP HANA 1.00 and 2.00.
How can an attacker exploit the vulnerability?
An attacker with the required authorizations can access and retrieve user credentials stored in clear text in the indexserver trace files of the control system.
Which versions of SAP HANA are affected by CVE-2018-2402?
SAP HANA 1.00 and 2.00 versions are affected by CVE-2018-2402.
What is the severity rating of CVE-2018-2402?
CVE-2018-2402 has a severity rating of 8.4 (high).
Are there any references for more information about CVE-2018-2402?
Yes, you can refer to the following links for more information: http://www.securityfocus.com/bid/103369, https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/, https://launchpad.support.sap.com/#/notes/2587369

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/references
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sap
canonical/sap hana database
version/sap hana database/1.00
version/sap hana database/2.00

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.