Back to overview

CVE-2026-44753

LOW
3.7
CVSS 3.1
Description
SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.

Metadata

CVE ID
CVE-2026-44753
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:31 UTC
Published
2026-07-14 00:19 UTC
Last updated
2026-07-14 00:19 UTC
Primary CWE
CWE-204
CWE-204: Observable Response Discrepancy
Vendor / Product
SAP_SE / SAP HANA Extended Application Services classic model (User Self Service)
Sources
cve.org  ·  NVD

Severity & Metrics

3.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP HANA Extended Application Services classic model (User Self Service) HDB 2.00
Weakness (CWE)
CWESourceDescription
CWE-204 cna CWE-204: Observable Response Discrepancy
CVSS scores (1)
ScoreSeverityVersionSourceVector
3.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Back to overview