CVE-2016-3639
Description
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote unauthenticated attackers can retrieve sensitive SAP HANA topology information (hostnames, ports, version) via an unspecified HTTP request
Vulnerability
SAP HANA DB version 1.00.091.00.1418659308 exposes an unspecified HTTP endpoint that returns sensitive topology information [1]. The vulnerability is classified as CWE-201 (Information Exposure Through Sent Data) and requires no authentication to exploit [1]. The affected component is the SAP HANA database platform [1].
Exploitation
An unauthenticated attacker can send a crafted HTTP request to the SAP HANA system from any network-accessible location [1]. The advisory states this can be performed through a web browser without any credentials [1]. No user interaction or special privileges are required [1].
Impact
By exploiting this vulnerability, an attacker can obtain technical information such as host names, HTTP/S ports, and the SAP HANA version [1]. This data can be used to plan more sophisticated attacks against the system [1][2]. The CVSS v2 rating of 5.0 indicates a medium-severity information disclosure [1].
Mitigation
SAP released Security Note 2176128 addressing this issue [1]. The vendor has provided a fix for SAP HANA DB 1.00.091.00.1418659308, which should be applied as the primary mitigation [1]. No workarounds are disclosed in the available references. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosurenvdPermissions RequiredThird Party Advisory
- packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.htmlnvdThird Party Advisory
- seclists.org/fulldisclosure/2016/Aug/83nvdThird Party Advisory
- www.securityfocus.com/bid/92547nvdThird Party Advisory
News mentions
0No linked articles in our index yet.