2 matches found
Authorization
The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the 1 getInformation, 2 getParameters, 3 getServiceInfo, 4 getStatistic, or 5 getClientStatistic...
CVE-2017-5372
SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...