CVE-2018-2497 Event not logged in SAP HANA database audit log, SAP security note 2704878

Description

The security audit log of SAP HANA does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.

Available fix and Supported packages

HDB | 1.00 | 1.00
HDB | 2.00 | 2.00
SAP HANA DATABASE 1.00 | SP122 | 000017
SAP HANA DATABASE 2.0 | SP024 | 000001
SAP HANA DATABASE 2.0 | SP030 | 000000

Affected component

CVSS

Score: 2.7
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2704878

Vahagn Vardanian

CVE-2018-2497 Event not logged in SAP HANA database audit log, SAP security note 2704878

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SAP-HANA
#security-audit-log
#policies
#&160-CVE-2018-2497

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

CVE-2018-2497 Event not logged in SAP HANA database audit log, SAP security note 2704878

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SAP-HANA#security-audit-log#policies#&160-CVE-2018-2497

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#SAP-HANA
#security-audit-log
#policies
#&160-CVE-2018-2497