SAP NetWeaver J2EE MeSync信息泄露漏洞

SAP NetWeaver是SAP的集成技术平台和自从SAP Business Suite以来的所有SAP应用的技术基础。 SAP NetWeaver J2EE MeSync在实现上存在信息泄露漏洞，攻击者无需验证即可获取移动引擎版本和技术人员姓名等敏感信息。 SAP NetWeaver 厂商补丁： SAP --- SAP已经为此发布了一个安全公告（DSECRG-11-034）以及相应补丁: DSECRG-11-034：SAP NetWeaver J2EE MeSync – Information Disclose...

[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose

DSECRG-11-034 SAP NetWeaver J2EE MeSync – information disclose Attacker can get information about mobile engine version and sometimes the name of the technical user. Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.SAP.com Bugs: information disclosure...

SAP NetWeaver J2EE MeSync – information disclose

Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.sap.com Bugs:information disclosure Exploits: YES Reported: 29.07.2011 Vendor response:30.07.2011 Date of Public Advisory:11.11.2011 Author: Alexander Polyakov Description Attacker can get information about...