Description

A vulnerability exists in the Web Dynpro chat application named Real Time Collaboration (RTC). An unauthenticated user can retrieve the list of SAP users, groups and roles.

Remediation

Install SAP Security Note 2255990.

References

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Related Vulnerabilities

Content Security Policy Misconfiguration

Misconfigured Access-Control-Allow-Origin Header

Apache Axis2 administration console weak password

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure