Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters – Information disclosure

Application: SAP NetWeaver 7.40
Vendor URL: http://www.sap.com
Bugs: Information disclosure
Reported: 06.11.2014
Vendor response: 07.11.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2091768
Authors: Dmitry Chastukhin (ERPScan)

VULNERABILITY INFORMATION
Class: Information disclosure [CWE-200]
Impact: Information disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2817

Business Risk
It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.

Description
An anonymous attacker can send a special POST HTTP request to get information about any SAP profile parameters.

VULNERABLE PACKAGES
SAP NetWeaver 7.40 (sapstartsrv.exe, version v7400.12.21.30308).
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
Install SAP Security Note 2091768 or upgrade kernel to the associated patch level.

TECHNICAL DESCRIPTION
An anonymous attacker can send a special POST HTTP request to get information about any SAP profile parameters.

Defense

To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: