Vulnerability Details CVE-2016-6150
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/138453/SAP-HANA-DB-Encryption-Issue.html
- http://seclists.org/fulldisclosure/2016/Aug/96
- http://www.securityfocus.com/bid/92064
- https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
- https://www.onapsis.com/research/security-advisories/sap-hana-potential-wrong-encryption
- http://packetstormsecurity.com/files/138453/SAP-HANA-DB-Encryption-Issue.html
- http://seclists.org/fulldisclosure/2016/Aug/96
- http://www.securityfocus.com/bid/92064
- https://layersevensecurity.com/wp-content/uploads/2016/02/Layer-Seven-Security_SAP-Security-Notes_January-2016.pdf
- https://www.onapsis.com/research/security-advisories/sap-hana-potential-wrong-encryption