Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: SAP
Bugs: Information Disclosure
Reported: 12.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)

VULNERABILITY INFORMATION

CVE-2016-10005
Class: Information Disclosure
Impact: Disclosure of system information
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information

CVSS Base Score v3: 5.3 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity None (N)
A: Impact to Availability None (N)

Description

Webdynpro component allows attacker to gain users information defined in the system.

Business risk

An attacker can use Information disclosure vulnerability to reveal additional information (system data, debugging information, etc.), which will help them learn about a system to plan further attacks.

VULNERABLE PACKAGES

CAF EU 7.00
CAF EU 7.01
CAF EU 7.02
GUIDED PROCEDURES CORE 7.10
GUIDED PROCEDURES CORE 7.11
GUIDED PROCEDURES CORE 7.20
GUIDED PROCEDURES CORE 7.30
GUIDED PROCEDURES CORE 7.31
GUIDED PROCEDURES CORE 7.40
GUIDED PROCEDURES CORE 7.50
GUIDED PROCEDURES UI ITG 7.50

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2344524

TECHNICAL DESCRIPTION

An anonymous attacker can use caf~eu~gp~example~timeoff~wd component to get users information defined in the system. He should click “Change processor” and start to search users by name in new open below dialog box.

Proof of Concept

FURTHER READING

For more detail, please follow the link .