Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-12-050] SAP NetWeaver AdapterFramework – information disclosure

Application: SAP NetWeaver J2EE
Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com
Bugs: Information Disclosure
Exploits: YES
Reported: 06.12.2011
Vendor response: 07.12.2011
Date of Public Advisory: 13.11.2012
Reference: SAP Security Note 1679897
Authors: Dmitry Chastukhin (ERPScan)

Description
Information disclosure vulnerability about SAP version and other information found in AdapterFramework servlet.

Business Risk
The vulnerability can lead to disclosure of information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for subsequent attacks which will lead to illegal access to the business-critical information.