Skip to main content

SAP EUVDEUVD-2026-22173

| CVE-2026-34262 MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-04-14 sap GHSA-rvmc-gf2q-j9mw
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 14, 2026 - 01:22 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 01:15 euvd
EUVD-2026-22173
Analysis Generated
Apr 14, 2026 - 01:15 vuln.today
CVE Published
Apr 14, 2026 - 00:09 nvd
MEDIUM 5.0

DescriptionCVE.org

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

AnalysisAI

SAP HANA Cockpit and HANA Database Explorer leak sensitive information to authenticated network users due to improper credential storage mechanisms (CWE-522). An authenticated attacker with network access can retrieve confidential data without requiring elevated privileges or user interaction. This vulnerability affects all versions of SAP HANA Cockpit and HANA Database Explorer; patch availability and active exploitation status are not confirmed from available data.

Technical ContextAI

The vulnerability resides in SAP HANA Cockpit and HANA Database Explorer, administrative and monitoring tools for SAP HANA database instances. CWE-522 (Insufficiently Protected Credentials) indicates that sensitive credentials or configuration data are stored or transmitted without adequate security controls-likely in plaintext, weakly encrypted, or in predictable locations accessible to authenticated users. The affected products are network-accessible components (AV:N per CVSS) that maintain authentication credentials for backend HANA database connections. This suggests the vulnerability may involve credential caching, session storage, or configuration file exposure accessible through the web interface or API endpoints.

RemediationAI

Organizations must review SAP Note 3730639 (https://me.sap.com/notes/3730639) and SAP Security Patch Day (https://url.sap/sapsecuritypatchday) for vendor-issued patches and recommended fixes specific to their HANA Cockpit and HANA Database Explorer installations. Pending patch deployment, restrict network access to HANA Cockpit and HANA Database Explorer to trusted administrative users and segments, enforce strong authentication (multi-factor if supported), and monitor access logs for unauthorized credential retrieval attempts. Do not store or cache sensitive credentials in plaintext; ensure all configuration files containing database connection credentials are protected with file-level access controls and encryption.

Share

EUVD-2026-22173 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy