Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT – Information disclosure vulnerability

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.1 - 7.5
Vendor URL: SAP
Bugs: Information disclosure
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2255990
Author: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION

Class: Information disclosure
Impact: Private data leakage
Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2016-3973
CVSS Information
CVSS Base Score v3: 4.3 / 10
CVSS Base Vector:

AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Low (L)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Low(N)
I : Impact to Integrity None(N)
A : Impact to Availability None (N)

Description
Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.

Business risk
An attacker can use an Information disclosure vulnerability to reveal additional information (system data, debugging information, etc) which will help him to learn about a system and to plan other attacks.

VULNERABLE PACKAGES

RTC 7.3-7.4
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2255990

TECHNICAL DESCRIPTION

Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.

Steps to exploit the vulnerability

1. open http://SAP:50000/webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#
2. press "Add users"
3. in the opened window, enter any chars and press search