In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
[
{
"product": "SAP NetWeaver AS for ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 701"
},
{
"status": "affected",
"version": "< 702"
},
{
"status": "affected",
"version": "< 711"
},
{
"status": "affected",
"version": "< 730"
},
{
"status": "affected",
"version": "< 731"
},
{
"status": "affected",
"version": "< 740"
},
{
"status": "affected",
"version": "< 750"
},
{
"status": "affected",
"version": "< 751"
},
{
"status": "affected",
"version": "< 752"
},
{
"status": "affected",
"version": "< 753"
},
{
"status": "affected",
"version": "< 754"
},
{
"status": "affected",
"version": "< 755"
},
{
"status": "affected",
"version": "< 756"
},
{
"status": "affected",
"version": "< 786"
}
]
}
]