CVE-2016-4018 Information

Description

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality which allows remote attackers to obtain sensitive information gain privileges and conduct unspecified other attacks via unspecified vectors aka SAP Security Note 2262742.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3