Description
SAP NetWeaver AS Java Heap Dump Application allows an attacker to exploit certain misconfigured application endpoints to read sensitive data without authentication. These endpoints are normally exposed over the network and successful exploitation can lead to exposure of data like Host Name, server Node and the installation path that could help the attacker collect information about NetWeaver implementation.
Available fix and Supported packages
- CFG_ZA | 7.30 | 7.30
- CFG_ZA | 7.31 | 7.31
- CFG_ZA | 7.40 | 7.40
- CFG_ZA | 7.50 | 7.50
- ZERO ADMIN CONFIG 7.30 | SP019 | 000001
- ZERO ADMIN CONFIG 7.30 | SP020 | 000001
- ZERO ADMIN CONFIG 7.30 | SP021 | 000000
- ZERO ADMIN CONFIG 7.31 | SP025 | 000001
- ZERO ADMIN CONFIG 7.31 | SP026 | 000001
- ZERO ADMIN CONFIG 7.31 | SP027 | 000000
- ZERO ADMIN CONFIG 7.40 | SP020 | 000001
- ZERO ADMIN CONFIG 7.40 | SP021 | 000001
- ZERO ADMIN CONFIG 7.40 | SP022 | 000000
- ZERO ADMIN CONFIG 7.50 | SP016 | 000001
- ZERO ADMIN CONFIG 7.50 | SP017 | 000000
Affected component
- BC-JAS-ADM-ADM
Administration
CVSS
Score: 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2838835
