SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application

2016-04-22T00:00:00
ID ERPSCAN-16-039
Type erpscan
Reporter ERPScan
Modified 2016-04-22T00:00:00

Description

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver SLD
Vendor URL: SAP
Bugs: Information disclosure
Reported: 22.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 08.11.2016
Reference: SAP Security Note 2342940
Author: Mathieu Geli (ERPScan)

VULNERABILITY INFORMATION

Class: Information disclosure
Impact: loss of information and system configuration confidentiality
Remotely Exploitable: yes
Locally Exploitable: no

CVSS Information

CVSS Base Score v3: 5.3 / 10
CVSS Base Vector:

Metric | Value
---|---
AV: Attack Vector (Related exploit range) | Network (N)
AC: Attack Complexity (Required attack complexity) | Low (L)
PR: Privileges Required (Level of privileges needed to exploit) | None (N)
UI: User Interaction (Required user participation) | None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U)
C: Impact to Confidentiality | Low (L)
I: Impact to Integrity | None (N)
A: Impact to Availability | None (N)

Description

The SLD webdynpro component allows an anonymous user to enter a URL and make the server send a fixed (SLD-specific) payload to it.

Business risk

An attacker can use an information disclosure vulnerability to reveal additional information (system data, debugging information, etc.) that helps them learn about a system and plan other attacks.

VULNERABLE PACKAGES

LM-SLD 7.30
LM-SLD 7.50

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2342940.

TECHNICAL DESCRIPTION

SAP NetWeaver 7.5 information disclosure on SLD Test application.

Proof of Concept

http://172.16.30.29:50000/webdynpro/resources/sap.com/tc~sld~wd~admin/Test#
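
For detection, the following added example (not part of the ERPScan advisory or of SAP's code) scans HTTP access logs for unauthenticated requests to the SLD Test application path shown above. It assumes Common Log Format lines, such as a reverse proxy in front of AS Java might write; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path from the advisory's proof of concept (the "#" fragment never reaches the server).
SLD_TEST_PATH = "/webdynpro/resources/sap.com/tc~sld~wd~admin/Test"

# Assumption: Common Log Format, e.g. written by a reverse proxy in front of AS Java.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalise(target):
    """Decode %7E to ~, then drop query string, ;path parameters and trailing slash."""
    path = unquote(target).split("?", 1)[0].split(";", 1)[0]
    return path.rstrip("/")

def find_sld_test_hits(lines):
    """Return {client_ip: [(timestamp, method, status, user), ...]} for SLD Test requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m and normalise(m["target"]) == SLD_TEST_PATH:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"]), m["user"]))
    return dict(hits)

def anonymous_successes(hits):
    """Client IPs that received a 2xx from the Test application with no authenticated user."""
    return sorted(ip for ip, events in hits.items()
                  if any(user == "-" and 200 <= status < 300 for _, _, status, user in events))

# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE = [
    '198.51.100.7 - - [22/Apr/2016:10:15:01 +0000] "GET /webdynpro/resources/sap.com/tc~sld~wd~admin/Test HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Apr/2016:10:15:09 +0000] "POST /webdynpro/resources/sap.com/tc%7Esld%7Ewd%7Eadmin/Test?sample=1 HTTP/1.1" 200 2048',
    '203.0.113.20 - sldadmin [22/Apr/2016:11:02:44 +0000] "GET /webdynpro/resources/sap.com/tc~sld~wd~admin/Test HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Apr/2016:11:30:00 +0000] "GET /webdynpro/resources/sap.com/tc~sld~wd~admin/Test/ HTTP/1.1" 401 312',
    '192.0.2.33 - - [22/Apr/2016:12:00:00 +0000] "GET /irj/portal HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    hits = find_sld_test_hits(SAMPLE)
    for ip in anonymous_successes(hits):
        print(ip, len(hits[ip]), "anonymous request(s) to the SLD Test application")
```

After SAP Security Note 2342940 is installed, anonymous 2xx responses on this path should stop appearing; any that remain are worth investigating.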
