Description

The SAP Management Console (SAP MC) provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, which simplifies system administration. The SAP Management Console exposes certain methods which allows an unauthenticated user to access sensitive information such as user list from ABAP syslog through the SAP Management Console SOAP Interface.

Remediation

Install SAP security note 1439348.

References

sap_mgmt_con_extractusers

Related Vulnerabilities

MediaWiki remote code execution

Yii2 debug toolkit

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure