Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-11-027] NetWeaver BCB – Missing Authorization / Information disclosure

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver Business Communication Broker
Vendor URL: http://www.sap.com
Bugs: Information disclose
Reported:09.06.2010
Vendor response: 10.06.2010
Date of Public Advisory: 17.06.2011
CVSS: 7.5
Reported:01.04.2010
Vendor response:02.04.2010
Date of Public Advisory:20.07.2011
Author:Alexander Polyakov

Description
NetWeaver Business Communication Broker affected to information disclosure through missing authorization.

Business Risk
Vulnerability can lead to disclosure of the information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for the subsequent attacks which will lead to illegal access to the business-critical information.