Description

A vulnerability exists in the Web Dynpro chat application named Real Time Collaboration (RTC). An unauthenticated user can retrieve the list of SAP users, groups and roles.

Remediation

Install SAP Security Note 2255990.

References

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Related Vulnerabilities

WordPress Plugin Formidable Form Builder-Contact Form, Survey & Quiz Forms for WordPress Information Disclosure (2.0.07)

Firebase database accessible without authentication

WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)

Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability

Yii2 debug toolkit

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Configuration Information Disclosure