Vulnerabilities > CVE-2018-2497 - Unspecified vulnerability in SAP Hana 1.0/2.0

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2018-12-11

Updated: 2020-08-24

Summary

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Hana 2.0 SAP Hana 1.0	2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
https://launchpad.support.sap.com/#/notes/2704878
http://www.securityfocus.com/bid/106152