CVE-2017-16687

Summary

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Affected Software

VendorProductVersion RangeStatus
SAPSAP HANA extended application servicesSAP HANA Database 1.00, 2.00affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References