Description
Under certain conditions, the SAP HANA XS Advanced server allows an attacker to access information which would otherwise be restricted.
The vulnerability details along with their CVE relevant information can be found below.
Information Disclosure
A controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. (CVE-2018-2374)
CVSS Information
CVSS v3 Base Score: 7.1 / 10
CVSS v3 Base Vector:
|
AV : Attack Vector (Related exploit range) |
Network (N) |
|
AC : Attack Complexity (Required attack complexity) |
Low (L) |
|
PR : Privileges Required (Level of privileges needed to exploit) |
Low (L) |
|
UI : User Interaction (Required user participation) |
None (N) |
|
S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) |
Unchanged (U) |
|
C : Impact to Confidentiality |
High (H) |
|
I : Impact to Integrity |
Low (L) |
|
A : Impact to Availability |
None (N) |
SAP provides this CVSS v3 base score as an estimate of the risk posed by the issue reported in this note. This estimate does not take into account your own system configuration or operational environment. It is not intended to replace any risk assessments you are advised to conduct when deciding on the applicability or priority of this SAP security note. For more information, see the FAQ section at https://support.sap.com/securitynotes.
- A controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space
- CVE-2018-2375
- CVSS Score: 7.1; NLLN | U | HLN
- A controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space
- CVE-2018-2376
- CVSS Score: 7.1; NLLN | U | HLN
- An unauthenticated user could test if a given username is valid by evaluating error messages of a specific UAA endpoint
- CVE-2018-2379
- CVSS Score: 5.3; NLNN | U | LNN
- Unauthorized users can read statistical data about deployed applications including resource consumption
- CVE-2018-2378
- CVSS Score: 5.3; NLNN | U | LNN
- Some general server statistics and status information could be retrieved by unauthorized users
- CVE-2018-2377
- CVSS Score: 5.3; NLNN | U | LNN
- A plain keystore password is written to a HANA system log file which could endanger confidentiality of SSL communication of the xsuaa service
- CVE-2018-2372
- CVSS Score: 4.4; LLHN | U | HNN
- Under certain circumstances, a specific endpoint of the Controller’s API could be misued by unauthenticated users to execute SQL statements that deliver information about HANA system configuration
- CVE-2018-2373
- CVSS Score: 5.3; NLNN | U | LNN
Available fix and Supported packages
- SAP_EXTENDED_APP_SERVICES | 1 | 1
- SAP EXTENDED APP SERVICES 1 | SP000 | 000070
Affected component
- BC-XS-RT
OP Runtime / XS Controller
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2589129
