Description
Under certain conditions SAP Gateway of ABAP Application Server allows an attacker to access information which would otherwise be restricted.
Some well-known impacts of Information Disclosure are –
- loss of information and system configuration confidentiality
- information gathering for further exploits and attacks
Available fix and Supported packages
- SAP_GWFND | 750 | 750
- SAP_GWFND | 751 | 751
- SAP_GWFND | 752 | 752
- SAP_GWFND | 753 | 753
- SAP_BASIS | 750 | 753
- SAP_GWFND 750 | SAPK-75014INSAPGWFND |
- SAP_GWFND 751 | SAPK-75108INSAPGWFND |
- SAP_GWFND 752 | SAPK-75204INSAPGWFND |
- SAP_GWFND 753 | SAPK-75302INSAPGWFND |
Affected component
- OPU-GW-COR
Framework
CVSS
Score: 4.3
CVSS:/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2723142
