Unauth Resp-Disposition Enum in SAP HANA User Self Service Tools
CVE-2026-44753 Published on July 14, 2026
Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)
SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.
Vulnerability Analysis
CVE-2026-44753 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).
Products Associated with CVE-2026-44753
Want to know whenever a new CVE is published for SAP Hana Extended Application Services? stack.watch will email you.