Description
Under certain conditions SAP java startup / jstart allows an attacker to access information which would otherwise be restricted.
Some well-known impacts of Information Disclosure are –
- loss of information and system configuration confidentiality
- information gathering for further exploits and attacks
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KERNEL | 7.21 | 7.22
- KERNEL | 7.45 | 7.45
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- SAP KERNEL 7.21 32-BIT | SP1210 | 001210
- SAP KERNEL 7.21 32-BIT UNICODE | SP1210 | 001210
- SAP KERNEL 7.21 64-BIT | SP1210 | 001210
- SAP KERNEL 7.21 64-BIT UNICODE | SP1210 | 001210
- SAP KERNEL 7.21 EXT 64-BIT | SP1210 | 001210
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1210 | 001210
- SAP KERNEL 7.22 64-BIT | SP720 | 000720
- SAP KERNEL 7.22 64-BIT UNICODE | SP720 | 000720
- SAP KERNEL 7.22 EXT 64-BIT | SP720 | 000720
- SAP KERNEL 7.22 EXT 64-BIT UC | SP720 | 000720
- SAP KERNEL 7.45 64-BIT | SP832 | 000832
- SAP KERNEL 7.45 64-BIT UNICODE | SP832 | 000832
- SAP KERNEL 7.49 64-BIT | SP622 | 000622
- SAP KERNEL 7.49 64-BIT UNICODE | SP622 | 000622
- SAP KERNEL 7.53 64-BIT | SP410 | 000410
- SAP KERNEL 7.53 64-BIT UNICODE | SP410 | 000410
Affected component
- BC-JAS-SF
Startup Framework
CVSS
Score: 5.3
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2738791