Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver SLD
Vendor URL: SAP
Bugs: Information disclosure
Reported: 22.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 08.11.2016
Reference: SAP Security Note 2342940
Author: Mathieu Geli (ERPScan)

VULNERABILITY INFORMATION

Class:Information disclosure
Impact: loss of information and system configuration confidentiality
Remotely Exploitable: yes
Locally Exploitable: no

CVSS Information

CVSS Base Score v3: 5.3 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity None (N)
A: Impact to Availability None (N)

Description

The SLD webdynpro component allows entering an URL anonymously and making the server send a fixed (SLD specific) payload to it.

Business risk

An attacker can use Information disclosure vulnerability for revealing additional information (system data, debugging information, etc.) which will help to learn about a system and to plan other attacks.

VULNERABLE PACKAGES

LM-SLD 7.30
LM-SLD 7.50

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2342940.

TECHNICAL DESCRIPTION

SAP NetWeaver 7.5 information disclosure on SLD Test application.

Proof of Concept