Incomplete Logging of SELECT Events in SAP HANA Audit Log

Incomplete Logging of SELECT Events in SAP HANA Audit Log

CVE-2018-2497 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.

Learn more about our Web Application Penetration Testing UK.