Description
Under certain conditions Web Dynpro ABAP applications allow an attacker to access information about host names used in conjunction with a web dispatcher, which would otherwise be restricted.
Some well-known impacts of information disclosure are:
- loss of information and system configuration confidentiality
- information gathering for further exploits and attacks
Available fix and Supported packages
- SAP_UI | 750 | 750
- SAP_UI | 751 | 751
- SAP_UI | 752 | 752
- SAP_UI | 753 | 753
- SAP_UI | 754 | 754
- SAP_BASIS | 702 | 702
- SAP_BASIS | 730 | 730
- SAP_BASIS | 731 | 731
- SAP_BASIS | 804 | 804
- SAP_BASIS | 778 | 778
- SAP_UI 750 | SAPK-75017INSAPUI
- SAP_UI 751 | SAPK-75112INSAPUI
- SAP_UI 752 | SAPK-75209INSAPUI
- SAP_UI 753 | SAPK-75306INSAPUI
- SAP_UI 754 | SAPK-75402INSAPUI
- SAP_BASIS 702 | SAPKB70223
- SAP_BASIS 804 | SAPK-804H0INSAPBASIS
- SAP_BASIS 730 | SAPKB73021
- | SAPK-779BHINSAPBASIS
- SAP_BASIS 731 | SAPKB73127
- SAP_BASIS 778 | SAPK-77804INSAPBASIS
Affected component
- BC-WD-ABA
Web Dynpro ABAP
CVSS
Score: 5.3
CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2819233