{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34262", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-03-26T19:02:45.983Z", "datePublished": "2026-04-14T00:09:03.364Z", "dateUpdated": "2026-04-29T19:32:17.156Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:09:03.364Z"}, "title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP HANA Cockpit and HANA Database Explorer", "versions": [{"status": "affected", "version": "SAP_HANA_COCKPIT 2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3730639"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:53:11.415883Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:14:17.275Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/16"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-29T19:32:17.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/16"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-29T19:32:17.156Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:53:11.415883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:08:57.395Z"}}], "cna": {"title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP HANA Cockpit and HANA Database Explorer", "versions": [{"status": "affected", "version": "SAP_HANA_COCKPIT 2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3730639"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "supportingMedia": [{"type": "text/html", "value": "<p>Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:09:03.364Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34262", "state": "PUBLISHED", "dateUpdated": "2026-04-29T19:32:17.156Z", "dateReserved": "2026-03-26T19:02:45.983Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-04-14T00:09:03.364Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:hana_cockpit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A355BE8C-94D9-4003-879D-8BB514D694F5", "versionEndExcluding": "2.18.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:hana_database_explorer:-:*:*:*:*:*:*:*", "matchCriteriaId": "283834FE-FC6E-4AB5-ADE9-866FD7E8FBD7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer"}], "id": "CVE-2026-34262", "lastModified": "2026-05-04T14:32:46.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-14T01:16:04.050", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3730639"}, {"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://url.sap/sapsecuritypatchday"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2026/Apr/16"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_HANA_COCKPIT 2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "SAP HANA Cockpit and HANA Database Explorer", "source": "cna", "vendor": "SAP_SE"}, "product": "hana_cockpit", "vendor": "sap"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_HANA_COCKPIT 2.0"}}], "original": {"product": "SAP HANA Cockpit and HANA Database Explorer", "source": "cna", "vendor": "SAP_SE"}, "product": "hana_database_explorer", "vendor": "sap"}], "analysis": {"en": {"generated_at": "2026-04-14T04:20:37.510257+00:00", "value": {"mitigation_remediation": ["Apply the update provided in SAP note 3730639 to both HANA Cockpit and HANA Database Explorer.", "Restrict network access to the cockpit and explorer interfaces so that only trusted users can reach them.", "Verify after patching that the disclosed information has been properly secured; review logs for any residual data exposure."], "summary": {"action": "Patch Now", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected products are SAP HANA Cockpit and the HANA Database Explorer, both part of SAP\u2019s HANA platform. The advisory does not list specific version numbers, implying that any deployment of these services could be vulnerable unless confirmed patched.", "description_and_impact": "A flaw in SAP HANA Cockpit and the HANA Database Explorer allows an attacker to obtain sensitive information that should be restricted. The weakness is classified as CWE\u2011522, indicating that confidential data can be accessed without proper authorization. Potentially exposed information could include configuration settings, access credentials, or other privileged details that compromise confidentiality of the system.", "risk_and_exploitability": "The CVSS base score of 5.0 reflects moderate severity. Because exploitation data is not available, and the vulnerability is not listed in known exploited vulnerability catalogs, widespread attacks have not been reported. The likely attack path is remote access via the web interfaces of the cockpit and explorer, though the precise conditions required to exploit the issue are not detailed in the advisory and are inferred rather than explicitly confirmed."}}}}, "created": "2026-04-14T16:16:19.342427+00:00", "updated": "2026-04-14T16:31:15.846038+00:00", "vendors": ["sap", "sap$PRODUCT$hana_cockpit", "sap$PRODUCT$hana_database_explorer"]}