Description
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Published: 2026-04-14
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

A flaw in SAP HANA Cockpit and the HANA Database Explorer allows an attacker to obtain sensitive information that should be restricted. The weakness is classified as CWE‑522, indicating that confidential data can be accessed without proper authorization. Potentially exposed information could include configuration settings, access credentials, or other privileged details that compromise confidentiality of the system.

Affected Systems

The affected products are SAP HANA Cockpit and the HANA Database Explorer, both part of SAP’s HANA platform. The advisory does not list specific version numbers, implying that any deployment of these services could be vulnerable unless confirmed patched.

Risk and Exploitability

The CVSS base score of 5.0 reflects moderate severity. Because exploitation data is not available, and the vulnerability is not listed in known exploited vulnerability catalogs, widespread attacks have not been reported. The likely attack path is remote access via the web interfaces of the cockpit and explorer, though the precise conditions required to exploit the issue are not detailed in the advisory and are inferred rather than explicitly confirmed.

Generated by OpenCVE AI on April 14, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the update provided in SAP note 3730639 to both HANA Cockpit and HANA Database Explorer.
  • Restrict network access to the cockpit and explorer interfaces so that only trusted users can reach them.
  • Verify after patching that the disclosed information has been properly secured; review logs for any residual data exposure.

Generated by OpenCVE AI on April 14, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap hana Cockpit
Sap hana Database Explorer
Vendors & Products Sap
Sap hana Cockpit
Sap hana Database Explorer

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Title Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Sap Hana Cockpit Hana Database Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-04-14T13:14:17.275Z

Reserved: 2026-03-26T19:02:45.983Z

Link: CVE-2026-34262

cve-icon Vulnrichment

Updated: 2026-04-14T13:08:57.395Z

cve-icon NVD

Status : Received

Published: 2026-04-14T01:16:04.050

Modified: 2026-04-14T01:16:04.050

Link: CVE-2026-34262

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:31:15Z

Weaknesses