Potential information disclosure relating to password, SAP security note 1495675
Description
An attacker can discover information relating to user password and name of user who uses NWDS to connect to NWDI server. This information could be used to allow the attacker to specialize their
attacks against NWDI server.
Available fix and Supported packages
- DI_CBS | 7.11 | 7.11
- DI_CBS | 7.20 | 7.20
- DI_CBS | 7.30 | 7.30
- DI_CLIENTS | 7.11 | 7.11
- DI_CLIENTS | 7.20 | 7.20
- DI_CLIENTS | 7.30 | 7.30
- NWCEIDE | 7.11 | 7.11
- NWCEIDE | 7.20 | 7.20
- NWCEIDE | 7.30 | 7.30
- DI CLIENTS 7.11 | SP002 | 000002
- DI CLIENTS 7.11 | SP003 | 000002
- DI CLIENTS 7.11 | SP004 | 000003
- DI CLIENTS 7.11 | SP005 | 000004
- DI CLIENTS 7.11 | SP006 | 000000
- DI CLIENTS 7.20 | SP001 | 000001
- DI CLIENTS 7.20 | SP002 | 000001
- DI CLIENTS 7.20 | SP003 | 000001
- DI CLIENTS 7.20 | SP004 | 000000
- DI COMPONENT BUILD SERVER 7.11 | SP002 | 000001
- DI COMPONENT BUILD SERVER 7.11 | SP003 | 000001
- DI COMPONENT BUILD SERVER 7.11 | SP004 | 000001
- DI COMPONENT BUILD SERVER 7.11 | SP005 | 000001
- DI COMPONENT BUILD SERVER 7.11 | SP006 | 000000
- DI COMPONENT BUILD SERVER 7.20 | SP001 | 000001
- DI COMPONENT BUILD SERVER 7.20 | SP002 | 000001
- DI COMPONENT BUILD SERVER 7.20 | SP003 | 000001
- DI COMPONENT BUILD SERVER 7.20 | SP004 | 000000
- NW CE DEVELOPER STUDIO 7.11 | SP002 | 000012
- NW CE DEVELOPER STUDIO 7.11 | SP003 | 000008
Affected component
- BC-CTS-DI
Development Infrastructure (NetWeaver Java)
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/1495675