Description
A vulnerability exists in the Web Dynpro chat application named Real Time Collaboration (RTC). An unauthenticated user can retrieve the list of SAP users, groups and roles.
Remediation
Install SAP Security Note 2255990.
References
Related Vulnerabilities
Content Security Policy Misconfiguration
Misconfigured Access-Control-Allow-Origin Header
Apache Axis2 administration console weak password
WordPress Plugin Theme Editor Arbitrary File Download (2.5)
Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)