ERPScanERPSCAN-16-016SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
0.002 Low
EPSS
Percentile
62.1%
Application: SAP NetWeaver **Versions Affected:**SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP **Bugs:**Information disclosure **Reported:**04.12.2015 **Vendor response:**05.12.2015 **Date of Public Advisory:**08.03.2016 **Reference:**SAP Security Note 2255990 Author: Vahagn Vardanyan (ERPScan)
VULNERABILITY INFORMATION
Class: Information disclosure
Impact: Private data leakage
Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2016-3973
CVSS Information
CVSS Base Score v3: 4.3 / 10
CVSS Base Vector:
| AV : Access Vector (Related exploit range) | Network (N) |
|---|---|
| AC : Access Complexity (Required attack complexity) | Low (L) |
| Au : Authentication (Level of authentication needed to exploit) | None (N) |
| C : Impact to Confidentiality | Low(N) |
| I : Impact to Integrity | None(N) |
| A : Impact to Availability | None (N) |
Description
Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.
Business risk
An attacker can use an Information disclosure vulnerability to reveal additional information (system data, debugging information, etc) which will help him to learn about a system and to plan other attacks.
VULNERABLE PACKAGES
RTC 7.3-7.4
Other versions are probably affected too, but they were not checked.
SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2255990
TECHNICAL DESCRIPTION
Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.
Steps to exploit the vulnerability
1. open http://SAP:50000/webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#
2. press “Add users”
3. in the opened window, enter any chars and press search
Related
