SAP NetWeaver Web Dynpro 6.4 to 7.5 Information disclosure

2018.05.19
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure
# Versions Affected: SAP NetWeaver 6.4 - 7.5
# Vendor URL: http://SAP.com
# Bugs: Information disclosure (Enumerate users)
# Sent: 2016-12-15
# Reported: 2016-12-15
# Date of Public Advisory: 09.02.2016
# Reference: SAP Security Note 2344524
# Author: Richard Alviarez (SIA Group)
# CVE: N/A

# 1. ADVISORY INFORMATION
# Title: SAP NetWeaver Web Dynpro - information disclosure (Enumerate users)
# Advisory ID: 2344524
# Risk: Medium
# Date published: 20.12.2016

# 2. VULNERABILITY DESCRIPTION
# An anonymous attacker can use a specially crafted HTTP request to obtain
# information about SAP NetWeaver users.

# 3. VULNERABLE PACKAGES
# SAP NetWeaver Web Dynpro 6.4 - 7.5
# Other versions are probably affected too, but they were not checked.

# 4. TECHNICAL DESCRIPTION
# An attacker can use the vulnerability to reveal user names, first and last
# names and the associated e-mail addresses. That is enough information to
# mount a more accurate and effective follow-on attack (for example password
# guessing or phishing against accounts that are known to exist).

# Steps to exploit this vulnerability
# 1. Open
#    http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate
#    or
#    http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate
#    on the SAP server.
# 2. Press the "Change processor" button.
# 3. In the "find" field, enter the initial or the name to be searched,
#    followed by a *.
# You will get a list of SAP users and their information.
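Two checks a practitioner wants next to the steps above, written here as an added example that is not part of the original advisory or of any SAP code: a probe that reports whether an anonymous client can reach the example application at all, and a scan over constructed access-log lines that counts which clients have hit it. The host name, the response-body and redirect heuristics in classify(), and the common-log-format layout of the log lines are assumptions. The path names an example (sample) application, so it can be present on a system that makes no business use of it; a logon challenge or a 404 on both URLs means the entry point above is not exposed, while an "exposed" verdict means the manual steps apply.

```python
"""Added example (not from the CXSecurity advisory or from SAP).

candidate_urls()/probe()/classify(): is the example Web Dynpro application
served to an anonymous client?  flag_access_log(): which clients hit it.
"""
import re
import ssl
import urllib.error
import urllib.request
from typing import Dict, List, Optional, Tuple

# The two entry points named in the advisory (the same ACreate view under its
# short and its fully qualified name).
TIMEOFF_PATHS = (
    "/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate",
    "/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/"
    "com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate",
)
# Substring that identifies the application in any URL or request line.
TIMEOFF_MARKER = "caf~eu~gp~example~timeoff~wd"


def candidate_urls(base_url: str) -> List[str]:
    """Both probe URLs for a Java stack base URL (hypothetical host,
    e.g. https://sap.example.com:50000)."""
    base = base_url.rstrip("/")
    return [base + path for path in TIMEOFF_PATHS]


def classify(status: int, body: str = "", location: Optional[str] = None) -> str:
    """Map one HTTP response to a verdict: exposed, auth_required, absent
    or unknown.  The body and redirect heuristics are assumptions about
    typical Web Dynpro and logon-page responses, not facts from the advisory."""
    if status in (401, 403):
        return "auth_required"          # dispatcher demands a logon: good
    if status == 404:
        return "absent"                 # example application not deployed
    if 300 <= status < 400 and location and "logon" in location.lower():
        return "auth_required"          # redirected to a logon page
    lowered = body.lower()
    if status == 200 and ("webdynpro" in lowered or "web dynpro" in lowered):
        return "exposed"                # application rendered anonymously
    return "unknown"                    # inspect manually


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as HTTPError so classify() sees the Location header."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url: str, timeout: float = 10.0,
          verify_tls: bool = True) -> Tuple[int, str, Optional[str]]:
    """Fetch url anonymously (no cookies, no credentials) and return
    (status, body, location).  Needs network access; the tests skip it."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # lab systems often run with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        _NoRedirect(), urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return resp.status, body, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        body = err.read(65536).decode("utf-8", "replace")
        return err.code, body, err.headers.get("Location")


# Assumed common log format: client - user [time] "METHOD path PROTO" status size.
# Adapt the regex if your ICM or reverse proxy logs a different layout.
_CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def flag_access_log(lines: List[str]) -> Dict[str, int]:
    """Count, per client address, successful (2xx) requests to the example
    application.  Repeated hits from one client are the enumeration signal."""
    hits: Dict[str, int] = {}
    for line in lines:
        match = _CLF.match(line)
        if not match:
            continue
        client, _ts, _method, path, status, _size = match.groups()
        if TIMEOFF_MARKER in path and status.startswith("2"):
            hits[client] = hits.get(client, 0) + 1
    return hits


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/May/2018:10:01:02 +0100] "GET /webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate HTTP/1.1" 200 14120',
    '203.0.113.7 - - [19/May/2018:10:01:40 +0100] "GET /webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate HTTP/1.1" 200 14120',
    '198.51.100.4 - - [19/May/2018:10:02:00 +0100] "GET /webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate HTTP/1.1" 401 0',
    '192.0.2.9 - - [19/May/2018:10:03:15 +0100] "GET /irj/portal HTTP/1.1" 200 8800',
]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python check_timeoff.py https://sap.example.com:50000
        for url in candidate_urls(sys.argv[1]):
            status, body, location = probe(url, verify_tls=False)
            print(f"{classify(status, body, location):14} {status} {url}")
    print("clients hitting the example application:", flag_access_log(SAMPLE_LOG))
```

The probe is deliberately passive: it fetches the entry page only and never submits the "find" request, so no user list is pulled during a check. On the detection side, a single 200 from a new client is worth a look; several 200s to this path from one source within a short window, as with 203.0.113.7 in the constructed log, is the pattern to alert on.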

