Information disclosure in Sap Netweaver

CVE-2015-2817

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

Vulnerability class: Information Disclosure

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

Affected products

Sap Netweaver — versions 7.40
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
73705 (vdb-entry, x_refsource_BID)
20150625 [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure (mailing-list, x_refsource_BUGTRAQ)
20150623 ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure (mailing-list, x_refsource_FULLDISC)