The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap hana database 2.00 |
||
sap hana database 1.00 |