[ERPSCAN-11-034] SAP NetWeaver J2EE MeSync – information disclose
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver MI 2
Vendor URL: http://www.sap.com
Date of Public Advisory:11.11.2011
Author: Alexander Polyakov
Attacker can get information about mobile engine version and sometimes the name of the technical user.
Vulnerability can lead to disclosure of the information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for the subsequent attacks which will lead to illegal access to the business-critical information.