CVE-2016-3639

EUVD-2016-4664
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
saphana_db
1.00.091.00.1418659308
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure
http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Aug/83
http://www.securityfocus.com/bid/92547
http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure
http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Aug/83
http://www.securityfocus.com/bid/92547