A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-16-035] SAP Solman – user accounts dislosure

Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.42
Vendor URL: SAP
Bugs: Information Disclosure
Reported: 12.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)


Webdynpro component allows attacker to gain users information defined in the system.

Business risk

An attacker can use Information disclosure vulnerability to reveal additional information (system data, debugging information, etc), which will help them learn about a system to plan further attacks.