SAP HANA vulnerability threat report.

Maniman man
Maniman man used Ask the Experts™
on
The user self-service tools of SAP HANA contain some vulnerabilities and in order to prevent it , we have to update the systems or desactivate the the self-service tool.

In order to to determine wheather the the self-service tool is activated or not, we need to SQL the HANA database and query the folowing:
SELECT NAME, STATUS FROM "_SYS_XS"."SQL_CONNECTIONS" WHERE NAME =
'sap.hana.xs.selfService.user::selfService'

However it is not specified what result to expect if the tool is active, or not. The behaviors that I have so far on different systems are sligtly different.
Sometimes after the query, nothing happen. You go to the the next line. At times you are prompt for a username, others receive the following error:
Password:=*-10709  Connect Failed (No reachable host left).

I would like to know what result to expect when executing above query when self-user tool is active and vise versa.
Thank  you all for the help
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2015

Commented:
Probably expected result is list of active connections of that type.
Exec Consultant
Distinguished Expert 2018
Commented:
You may check on and from SQL it isblikely to return the user created and its status state. The security note from SAP should hace more info.

https://www.linkedin.com/pulse/critical-security-flaw-sap-hana-user-self-service-tools-alper-somuncu

You can check from the web access as stated in the article.

To activate the tool you need admin privileges and config files are updated if enabled https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.00/en-US/7874f65641db4a81b7e99e30e807f866.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial