CVE-2018-2497

Description

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.

Affected products

• SAP / SAP HANA= 1.0 – = 1.0
• SAP / SAP HANA= 2.0 – = 2.0

References

• MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
• MISChttp://www.securityfocus.com/bid/106152
• MISChttps://launchpad.support.sap.com/#/notes/2704878