Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
SAP NetWeaver Application Server (AS), also called SAP Web Application Server, is the component that acts as the web application server for SAP solutions.
The vulnerability exists in a webdynpro service that is implemented as an example application for creating time-off requests. Although this service should not be activated on production SAP NetWeaver AS systems, it is installed by default and is not disabled, which leads to the vulnerability.
Impact
Successful exploitation allows an unauthenticated, remote attacker to obtain the list of SAP users from the system through an information disclosure vulnerability in the webdynpro service.
Solution
Customers are advised to follow SAP Security Note 2344524 for remediation instructions.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day