DSECRG Advisories

[DSECRG-12-016] SAP MessagingSystem – information disclosure

Details

Application: SAP NetWeaver
Vendor URL: http://sap.com
Bugs: Information disclosure
Risk: High
Exploits: YES
Reported: 07.12.2011
Vendor response: 17.02.2012
Date of Public Advisory: 17.02.2012
Reference: SAP Note 1585527
Author: DSecRG

Description

Information disclosure in the MessagingSystem servlet.

Business Risk

The vulnerability can lead to disclosure of information about the system without authentication and can help an attacker penetrate the system. An attacker can use the information from this service for subsequent attacks, which will lead to illegal access to business-critical information.