Design/Logic Flaw

2014-04-3014:22:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.0%

JSON

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/301

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

www.securityfocus.com/bid/67104

service.sap.com/sap/support/notes/1922547