SAP HANA vulnerability threat report.

Maniman man
Maniman man used Ask the Experts™
The user self-service tools of SAP HANA contain some vulnerabilities and in order to prevent it , we have to update the systems or desactivate the the self-service tool.

In order to to determine wheather the the self-service tool is activated or not, we need to SQL the HANA database and query the folowing:

However it is not specified what result to expect if the tool is active, or not. The behaviors that I have so far on different systems are sligtly different.
Sometimes after the query, nothing happen. You go to the the next line. At times you are prompt for a username, others receive the following error:
Password:=*-10709  Connect Failed (No reachable host left).

I would like to know what result to expect when executing above query when self-user tool is active and vise versa.
Thank  you all for the help
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2015

Probably expected result is list of active connections of that type.
Exec Consultant
Distinguished Expert 2018
You may check on and from SQL it isblikely to return the user created and its status state. The security note from SAP should hace more info.

You can check from the web access as stated in the article.

To activate the tool you need admin privileges and config files are updated if enabled

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial