Description

The SAP Management Console (SAP MC) provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, which simplifies system administration. The SAP Management Console exposes certain methods which allows an unauthenticated user to access sensitive information such as user list from ABAP syslog through the SAP Management Console SOAP Interface.

Remediation

Install SAP security note 1439348.

References

sap_mgmt_con_extractusers

Related Vulnerabilities

XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)

WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)

WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure