Description
An attacker can discover AS Java related information by using the AS Java’s logon application.
This information could be used to allow the attacker to specialize the attacks against the AS Java and its logon application.
Available fix and Supported packages
- ENGINEAPI | 7.10 | 7.11
- ENGINEAPI | 7.20 | 7.20
- ENGINEAPI | 7.30 | 7.30
- ENGINEAPI | 7.31 | 7.31
- ENGINEAPI | 7.40 | 7.40
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 7.01 | 7.02
- SERVERCORE | 7.10 | 7.10
- SERVERCORE | 7.11 | 7.11
- SERVERCORE | 7.20 | 7.20
- SERVERCORE | 7.30 | 7.30
- SERVERCORE | 7.31 | 7.31
- SERVERCORE | 7.40 | 7.40
- ENGINEAPI 7.10 | SP018 | 000004
- ENGINEAPI 7.10 | SP019 | 000000
- ENGINEAPI 7.11 | SP013 | 000005
- ENGINEAPI 7.11 | SP014 | 000000
- ENGINEAPI 7.20 | SP009 | 000021
- ENGINEAPI 7.30 | SP010 | 000013
- ENGINEAPI 7.30 | SP011 | 000006
- ENGINEAPI 7.30 | SP012 | 000001
- ENGINEAPI 7.30 | SP013 | 000000
- ENGINEAPI 7.31 | SP008 | 000017
- ENGINEAPI 7.31 | SP010 | 000008
- ENGINEAPI 7.31 | SP011 | 000005
- ENGINEAPI 7.31 | SP012 | 000002
- ENGINEAPI 7.31 | SP013 | 000001
- ENGINEAPI 7.31 | SP014 | 000000
- ENGINEAPI 7.40 | SP003 | 000016
- ENGINEAPI 7.40 | SP005 | 000009
- ENGINEAPI 7.40 | SP006 | 000005
- ENGINEAPI 7.40 | SP007 | 000002
- ENGINEAPI 7.40 | SP008 | 000015
Affected component
- BC-JAS-SEC-LGN
Logon, SSO
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1979543