Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2016/08/05 2:59 p.m.15 views

CVE-2016-6145

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

5.3CVSS5.6AI score0.01502EPSS
Exploits0References5
OSV
OSVadded 2016/08/05 2:59 p.m.3 views

CVE-2016-6144

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the passwordlockforsystemuser is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP...

8.1CVSS5.9AI score0.03841EPSS
Exploits0References5
Prion
Prionadded 2016/08/05 2:59 p.m.13 views

Code injection

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

5CVSS7.8AI score0.01502EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2016/08/05 2:0 p.m.22 views

CVE-2016-6145

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

5.6AI score0.01502EPSS
Exploits0References5
Cvelist
Cvelistadded 2016/08/05 2:0 p.m.24 views

CVE-2016-6144

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the passwordlockforsystemuser is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP...

8.4AI score0.03841EPSS
Exploits0References5
CVE
CVEadded 2016/08/05 2:0 p.m.41 views

CVE-2016-6145

SAP HANA DB 1.00.091.00.1418659308 is affected by a user-enumeration vulnerability where the SQL interface leaks different error messages for failed logins depending on whether a username exists/ is locked due to the detailed_error_on_connect setting. Remote attackers could exploit a series of lo...

5.3CVSS5.7AI score0.01502EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2016/08/05 2:0 p.m.51 views

CVE-2016-6144

SAP HANA SQL interface vulnerability CVE-2016-6144 affects SAP HANA versions prior to Revision 102, where login attempts for SYSTEM are not rate-limited when password_lock_for_system_user is unsupported or false, enabling brute-force authentication bypass. Impact: remote attacker could bypass aut...

8.1CVSS8.3AI score0.03841EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder