Authorization

The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the 1 getInformation, 2 getParameters, 3 getServiceInfo, 4 getStatistic, or 5 getClientStatistic...

CVE-2017-5372

SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...

KMC Controls BAC-5051E Multiple Vulnerabilities

KMC Controls BAC-5051E is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check

ERPSCAN Research Advisory ERPSCAN-15-009 SAP Afaria 7 XcListener - Missing authorization check Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Missing authorization check Sent: 09.12.2014 Reported: 09.12.2014 Vendor response: 10.12.2014...

SAP NetWeaver - Unauthorized logon page

Application: SAP NetWeaver Versions Affected: 7.00 7.0014.20050509144048.0000 Vendor URL: http://www.sap.com Bugs: Missing Authorization Check Exploits: NO Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author: Alexander...