[ERPSCAN-16-039] SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver AS Java 7.5 Webdynpro
Vendor URL: SAP
Bugs: Information disclosure
Reported: 22.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 08.11.2016
Reference: SAP Security Note 2342940
Author: Mathieu Geli (ERPScan)

Description

A Webdynpro component allows an anonymous user to enter a URL and to send a fixed (SLD-specific) payload to it.

Business risk

An attacker can use the information disclosure vulnerability to reveal additional information (system data, debugging information, etc.) that helps them learn about a system and plan other attacks.