Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Potential information disclosure relating to processes, SAP security note 1507266

Description

When working with Xcelsius dashboards that display BW data in the BEx runtime it can happen that exceptions are raised. These exceptions were rendered as an HTML error page including stack trace information and presented to the user. This information could have been used by malicious users to start specialised attacks.

Available fix and Supported packages

  • BI-BASE-E | 7.30 | 7.30
  • BI-BASE-B | 7.30 | 7.30
  • BI-BASE-S | 7.30 | 7.30
  • BIWEBAPP | 7.30 | 7.30
  • BI BASE EXPORT SERVICES 7.30 | SP005 | 000000
  • BI BASE FOUNDATION 7.30 | SP005 | 000000
  • BI BASE SERVICES 7.30 | SP005 | 000000
  • BI WEB APPLICATIONS 7.30 | SP005 | 000000

Affected component

    BW-BEX-ET
    Enduser Technology

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1507266

TAGS

#Information-disclosure
#BEx-Web
#Xcelsius-dashboard

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer