SAP HANA vulnerability threat report.
The user self-service tools of SAP HANA contain some vulnerabilities and in order to prevent it , we have to update the systems or desactivate the the self-service tool.
In order to to determine wheather the the self-service tool is activated or not, we need to SQL the HANA database and query the folowing:
SELECT NAME, STATUS FROM "_SYS_XS"."SQL_CONNECTIONS
'sap.hana.xs.selfService.u
However it is not specified what result to expect if the tool is active, or not. The behaviors that I have so far on different systems are sligtly different.
Sometimes after the query, nothing happen. You go to the the next line. At times you are prompt for a username, others receive the following error:
Password:=*-10709 Connect Failed (No reachable host left).
I would like to know what result to expect when executing above query when self-user tool is active and vise versa.
Thank you all for the help
In order to to determine wheather the the self-service tool is activated or not, we need to SQL the HANA database and query the folowing:
SELECT NAME, STATUS FROM "_SYS_XS"."SQL_CONNECTIONS
'sap.hana.xs.selfService.u
However it is not specified what result to expect if the tool is active, or not. The behaviors that I have so far on different systems are sligtly different.
Sometimes after the query, nothing happen. You go to the the next line. At times you are prompt for a username, others receive the following error:
Password:=*-10709 Connect Failed (No reachable host left).
I would like to know what result to expect when executing above query when self-user tool is active and vise versa.
Thank you all for the help
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You may check on and from SQL it isblikely to return the user created and its status state. The security note from SAP should hace more info.
https://www.linkedin.com/pulse/critical-security-flaw-sap-hana-user-self-service-tools-alper-somuncu
You can check from the web access as stated in the article.
To activate the tool you need admin privileges and config files are updated if enabled https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.00/en-US/7874f65641db4a81b7e99e30e807f866.html
https://www.linkedin.com/pulse/critical-security-flaw-sap-hana-user-self-service-tools-alper-somuncu
You can check from the web access as stated in the article.
To activate the tool you need admin privileges and config files are updated if enabled https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.00/en-US/7874f65641db4a81b7e99e30e807f866.html
Premium Content
You need an Expert Office subscription to comment.Start Free Trial