| Title | Published | Source |
|---|---|---|
| SAP Solman Information Disclosure Vulnerability | 19 Sep 2016 00:00 | cnvd |
| CVE-2016-10005 | 19 Dec 2016 06:55 | cve |
| CVE-2016-10005 | 19 Dec 2016 06:55 | cvelist |
| SAP Solman - user accounts disclosure CVE-2016-10005 | 7 Dec 2016 00:00 | erpscan |
| EUVD-2016-1203 | 7 Oct 2025 00:30 | euvd |
| CVE-2016-10005 | 19 Dec 2016 07:59 | nvd |
| CVE-2016-10005 | 19 Dec 2016 07:59 | osv |
| SAP Solman 7.31 Information Disclosure | 21 Dec 2016 00:00 | packetstorm |
| Code injection | 19 Dec 2016 07:59 | prion |
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-035] SAP Solman user accounts disclosure
Advisory ID: [ERPSCAN-16-035]
Risk: high
Advisory URL: https://erpscan.com/advisories/erpscan-16-035-sap-solman-user-accounts-dislosure/
Date published: 13.12.2016
Vendors contacted: SAP
2. VULNERABILITY INFORMATION
Class: Information Disclosure
Impact: disclosure of system information
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2016-10005
CVSS Information
CVSS Base Score v3: 5.3 / 10
CVSS Base Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AV : Attack Vector (related exploit range): Network (N)
AC : Attack Complexity (required attack complexity): Low (L)
PR : Privileges Required (level of privileges needed to exploit): None (N)
UI : User Interaction (required user participation): None (N)
S : Scope (change in scope due to impact caused to components beyond the vulnerable component): Unchanged (U)
C : Impact to Confidentiality: Low (L)
I : Impact to Integrity: None (N)
A : Impact to Availability: None (N)
3. VULNERABILITY DESCRIPTION
A Web Dynpro component allows an unauthenticated attacker to obtain information about the users defined in the system.
4. VULNERABLE PACKAGES
CAF EU 7.00
CAF EU 7.01
CAF EU 7.02
GUIDED PROCEDURES CORE 7.10
GUIDED PROCEDURES CORE 7.11
GUIDED PROCEDURES CORE 7.20
GUIDED PROCEDURES CORE 7.30
GUIDED PROCEDURES CORE 7.31
GUIDED PROCEDURES CORE 7.40
GUIDED PROCEDURES CORE 7.50
GUIDED PROCEDURES UI ITG 7.50
5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2344524
6. AUTHOR
Roman Bezhan (ERPScan)
7. TECHNICAL DESCRIPTION
An anonymous attacker can use the caf~eu~gp~example~timeoff~wd component to obtain information about the users defined in the system. Clicking "Change processor" opens a dialog box in which users can be searched by name, and no authentication is required to reach it.
7.1. Proof of Concept
http://SAP_INSTANCE:50000/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate#
http://SAP_INSTANCE:50000/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate
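Because the example application is reachable without credentials, a defender's first question is whether anyone has been hitting it. The following is an added detection example, not part of the ERPScan advisory: it scans HTTP access-log lines for successful requests to the caf~eu~gp~example~timeoff~wd path, decoding percent-encoded tildes so an evasively encoded request still matches. The log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Path prefix shared by both PoC forms in the advisory (fully qualified
# view and the short ACreate form).
VULN_APP_PREFIX = "/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/"

# Assumed Common-Log-style line: ip - user [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Drop query/fragment, percent-decode (%7E -> '~') and lower-case."""
    return unquote(urlsplit(target).path).lower()

def is_timeoff_request(target):
    """True if the request targets the vulnerable example application."""
    return normalize_path(target).startswith(VULN_APP_PREFIX)

def scan_log(lines):
    """One finding per successful (2xx) request to the example app.
    In this format an anonymous client shows up with user '-'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_timeoff_request(m["target"]):
            continue
        if not m["status"].startswith("2"):
            continue  # 4xx/5xx: the application was refused or is absent
        findings.append({"ip": m["ip"], "ts": m["ts"],
                         "anonymous": m["user"] == "-",
                         "path": normalize_path(m["target"])})
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Dec/2016:10:01:02 +0000] "GET /webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Dec/2016:10:01:05 +0000] "GET /webdynpro/dispatcher/sap.com/caf%7Eeu%7Egp%7Eexample%7Etimeoff%7Ewd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate?sap-wd-secure-id=x HTTP/1.1" 200 8801',
    '198.51.100.4 - jdoe [21/Dec/2016:10:02:00 +0000] "GET /webdynpro/dispatcher/sap.com/tc~wd~tools/Explorer HTTP/1.1" 200 3311',
    '198.51.100.9 - - [21/Dec/2016:10:03:00 +0000] "GET /webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate HTTP/1.1" 404 233',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 404 for the ACreate path after SAP Security Note 2344524 is applied is the expected state; 2xx hits from anonymous clients before that are the events worth triaging.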
8. REPORT TIMELINE
Sent: 12.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016