Skip to content
Medium Published: Feb 14, 2018 Modified: Nov 21, 2024

CVE-2018-2379

6.5 CVSS Score Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Export CVE-2018-2379 Data:
Share:
Link copied!

Description

In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Affected Software Configurations

  • a sap hana_extended_application_services 1.0 * * * * * * *

Weaknesses (CWE)

  • CWE-209

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2000-1191 CVSS 0 Same weakness: CWE-209 CVE-2010-3332 CVSS 0 Same weakness: CWE-209 CVE-2017-7945 CVSS 0 Same weakness: CWE-209 CVE-2017-1370 CVSS 0 Same weakness: CWE-209 CVE-2018-11325 CVSS 0 Same weakness: CWE-209

CVE History Timeline

Mar 01, 2018 19:48 Initial Analysis
Oct 03, 2019 00:03 CWE Remap
Dec 21, 2023 04:21 CPE Deprecation Remap
May 14, 2024 05:16 CVE Modified
Nov 21, 2024 04:03 CVE Modified
← Back to CVE Tracker