SAP HANA User Account Enumeration Vulnerability

SAP HANA User Account Enumeration Vulnerability

CVE-2017-16687 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.