Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-12-048] SAP NetWeaver SDM Admin – DoS

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Information Disclosure
Exploits: YES
Reported: 10.02.2012
Vendor response: 11.02.2012
Date of Public Advisory: 10.10.2012
Reference: SAP Security Note 1724516
Authors: Alexander Polyakov (ERPScan)

Description
SAP NetWeaver SDM service is vulnerable to information disclosure attacks.

Business Risk
The vulnerability can lead to disclosure of information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for subsequent attacks which will lead to illegal access to the business-critical information.