Skip to main content

SAP HANA XSC CVE-2026-44753

| EUVDEUVD-2026-43588 LOW
Observable Response Discrepancy (CWE-204)
2026-07-14 sap GHSA-q32w-qvcr-5jr4
3.7
CVSS 3.1 · Vendor: sap

Severity by source

Vendor (sap) PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
3.7 LOW

Network-reachable unauthenticated endpoint (AV:N/PR:N), but reliable enumeration requires differential response analysis justifying AC:H; only account existence disclosed (C:L), no integrity or availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (sap).

CVSS VectorVendor: sap

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 14, 2026 - 01:18 vuln.today

DescriptionCVE.org

SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.

AnalysisAI

User account enumeration in SAP HANA Extended Application Services Classic Model (XSC) user self-service tools allows unauthenticated remote attackers to identify valid usernames and email addresses by crafting requests that elicit distinguishable server responses. The CWE-204 root cause - observable response discrepancy - means the application behaves differently for valid versus invalid accounts, leaking account existence without requiring credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed XSC self-service endpoint
Delivery
Send crafted account-lookup requests
Exploit
Compare distinguishable server responses
Execution
Enumerate valid usernames and emails
Impact
Use account list for downstream attack

Vulnerability AssessmentAI

Exploitation Exploitation requires that the SAP HANA Extended Application Services Classic Model (XSC) user self-service feature is deployed and network-accessible to the attacker - this is a component-level deployment condition, not just a configuration flag, meaning organisations that have never deployed XSC or have decommissioned it are not affected. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 3.7 accurately reflects the limited real-world risk: the vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N indicates that while the endpoint is network-reachable without authentication, the high attack complexity (AC:H) suggests the distinguishable responses require non-trivial effort to detect reliably - such as precise timing measurement or differential analysis under variable network conditions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with network access to the SAP HANA XSC user self-service portal submits a series of crafted account-lookup or password-reset requests cycling through candidate usernames or email addresses. By measuring and comparing response characteristics - such as timing differences, HTTP response codes, or subtle body content variations - the attacker distinguishes valid accounts from invalid ones. …
Remediation The primary remediation is to apply the patch documented in SAP Security Note 3732522 (https://me.sap.com/notes/3732522), released as part of SAP Security Patch Day. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44753 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy