Skip links

CVE-2018-2374 Security vulnerabilities in SAP HANA Extended Application Services, advanced, SAP security note 2589129

Description

Under certain conditions, the SAP HANA XS Advanced server allows an attacker to access information which would otherwise be restricted.

The vulnerability details along with their CVE relevant information can be found below.

Information Disclosure

A controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. (CVE-2018-2374)

CVSS Information

CVSS v3 Base Score: 7.1 / 10
CVSS v3 Base Vector:

AV : Attack Vector (Related exploit range)

Network (N)

AC : Attack Complexity (Required attack complexity)

Low (L)

PR : Privileges Required (Level of privileges needed to exploit)

Low (L)

UI : User Interaction (Required user participation)

None (N)

S : Scope (Change in scope due to impact caused to components beyond the vulnerable component)

Unchanged (U)

C : Impact to Confidentiality

High (H)

I : Impact to Integrity

Low (L)

A : Impact to Availability

None (N)

SAP provides this CVSS v3 base score as an estimate of the risk posed by the issue reported in this note. This estimate does not take into account your own system configuration or operational environment. It is not intended to replace any risk assessments you are advised to conduct when deciding on the applicability or priority of this SAP security note. For more information, see the FAQ section at https://support.sap.com/securitynotes.

  • A controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space
  • A controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space
  • An unauthenticated user could test if a given username is valid by evaluating error messages of a specific UAA endpoint
  • Unauthorized users can read statistical data about deployed applications including resource consumption
  • Some general server statistics and status information could be retrieved by unauthorized users
  • A plain keystore password is written to a HANA system log file which could endanger confidentiality of SSL communication of the xsuaa service
  • Under certain circumstances, a specific endpoint of the Controller’s API could be misued by unauthenticated users to execute SQL statements that deliver information about HANA system configuration

    Available fix and Supported packages

    • SAP_EXTENDED_APP_SERVICES | 1 | 1
    • SAP EXTENDED APP SERVICES 1 | SP000 | 000070

    Affected component

      BC-XS-RT
      OP Runtime / XS Controller

    CVSS

    Score: 0

    Exploit

    Exploit is not available.
    For detailed information please contact the mail [email protected]

    URL

    https://launchpad.support.sap.com/#/notes/2589129

    TAGS

    #Information-Exposure
    #Information-Leak
    #&160-CVE-2018-2374
    #&160-CVE-2018-2375
    #&160-CVE-2018-2376
    #&160-CVE-2018-2379
    #&160-CVE-2018-2378
    #&160-CVE-2018-2377
    #&160-CVE-2018-2372
    #&160-CVE-2018-2373