Description
Under certain conditions, SRM Catalog allows an attacker to access information which would otherwise be restricted.
Some well-known impacts of Information Disclosure are:
- loss of information and system configuration confidentiality
- information gathering for further exploits and attacks
Available fix and Supported packages
- SRM_SERVER | 700 | 700
- SRM_SERVER | 701 | 701
- SRM_SERVER | 702 | 702
- SRM_SERVER | 713 | 713
- SRM_SERVER | 714 | 714
- SRM_SERVER 714 | SAPK-71414INSRMSRV
- SRM_SERVER 700 | SAPKIBKV24
- SRM_SERVER 701 | SAPK-70120INSRMSRV
- SRM_SERVER 702 | SAPK-70226INSRMSRV
- SRM_SERVER 713 | SAPK-71321INSRMSRV
Affected component
- SRM-CAT-MDM (MDM Catalog)
CVSS
Score: 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
PoC
Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2883638