Application: SAP NetWeaver **Versions Affected:**SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP **Bugs:**Information disclosure **Reported:**04.12.2015 **Vendor response:**05.12.2015 **Date of Public Advisory:**08.03.2016 **Reference:**SAP Security Note 2255990 Author: Vahagn Vardanyan (ERPScan)
Class: Information disclosure
Impact: Private data leakage
Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2016-3973
CVSS Information
CVSS Base Score v3: 4.3 / 10
CVSS Base Vector:
AV : Access Vector (Related exploit range) | Network (N) |
---|---|
AC : Access Complexity (Required attack complexity) | Low (L) |
Au : Authentication (Level of authentication needed to exploit) | None (N) |
C : Impact to Confidentiality | Low(N) |
I : Impact to Integrity | None(N) |
A : Impact to Availability | None (N) |
Description
Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.
Business risk
An attacker can use an Information disclosure vulnerability to reveal additional information (system data, debugging information, etc) which will help him to learn about a system and to plan other attacks.
RTC 7.3-7.4
Other versions are probably affected too, but they were not checked.
To correct this vulnerability, install SAP Security Note 2255990
Anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.
Steps to exploit the vulnerability
1. open http://SAP:50000/webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#
2. press “Add users”
3. in the opened window, enter any chars and press search