CVE-2018-2369

{"id": "CVE-2018-2369", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-02-14T12:29:00.280", "references": [{"url": "http://www.securityfocus.com/bid/102997", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2572940", "tags": ["Permissions Required"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP HANA 1.00 y 2.00 permite que un atacante no autenticado acceda a informaci\u00f3n que, de otra forma, estar\u00eda restringida. Un atacante puede emplear err\u00f3neamente la funci\u00f3n de autenticaci\u00f3n del servidor de SAP HANA en su interfaz de SQL y revelar 8 bytes de la memoria del proceso del servidor. El atacante no puede influenciar o predecir la ubicaci\u00f3n de la memoria filtrada."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:hana:1.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2FF19E-60E0-43D1-81BA-282D4CD8517E"}, {"criteria": "cpe:2.3:a:sap:hana:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA82740E-3E8C-41DE-BC32-3099900C4F0A"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}