SAP ICF /sap/public/info sensitive information disclosure
Description
The SAP Internet Communication Framework (ICF) service at /sap/public/info is publicly accessible without authentication. This endpoint exposes detailed system information including the SAP NetWeaver version, operating system details, database type, IP addresses, and installation paths. This information disclosure vulnerability allows unauthorized users to gather intelligence about the SAP environment, which can be leveraged for targeted attacks.
Remediation
Restrict or disable the /sap/public/info ICF service unless it is explicitly required for business operations. To deactivate this service:
1. Log into the SAP system with administrative privileges
2. Execute transaction code SICF (Maintain Services)
3. Navigate to the service path: default_host/sap/public/info
4. Right-click on the info service and select 'Deactivate Service'
5. Confirm the deactivation
If the service must remain active for internal use, implement authentication requirements and restrict access using ICF service-level authorization checks or network-level controls (firewall rules, IP whitelisting) to limit access to trusted internal networks only. Regularly review all active ICF services to ensure they follow the principle of least privilege.
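A post-remediation check is useful after either fix (deactivating the service in SICF or fencing it with authorization and network controls): request the endpoint anonymously and confirm it no longer answers 200 with system details. The script below is an added example, not part of the original finding or SAP's own tooling. It assumes the service is reached at http(s)://host:port/sap/public/info and that an exposed instance returns the RFCSI_EXPORT structure as XML; the field names listed (RFCSAPRL, RFCOPSYS, RFCDBSYS, RFCIPADDR, RFCHOST and so on) are an assumption to adjust to what your system actually returns. The sample body embedded for offline use is constructed, not captured from a real system, and the checker reports only which categories of data are present, not their values.

```python
"""Post-remediation check for the /sap/public/info ICF service.

Added example, not part of the original finding. Assumptions:
  * the service answers at http(s)://<host>:<port>/sap/public/info
  * an unauthenticated 200 response carries RFCSI_EXPORT fields in XML;
    the tag names below are assumed and should be adjusted to your system.
"""
import re
import urllib.error
import urllib.request

# Field groups matching what the finding calls out (release, OS, database,
# IP address, host). Tag names are an assumption about the RFCSI_EXPORT layout.
SENSITIVE_TAGS = {
    "release": ("RFCSAPRL", "RFCKERNRL"),
    "os": ("RFCOPSYS",),
    "database": ("RFCDBSYS", "RFCDBHOST"),
    "ip": ("RFCIPADDR", "RFCIPV6ADDR"),
    "host": ("RFCHOST",),
}


def classify_response(status, body):
    """Classify an anonymous response from /sap/public/info.

    Returns a dict with:
      exposed    - True if the service answered 200 without authentication
      reason     - short explanation of the verdict
      categories - sensitive field groups found in the body (values not kept)
    401/403 (authentication or authorization enforced, or blocked upstream)
    and 404 (service inactive) both mean the remediation is in effect.
    """
    if status in (401, 403):
        return {"exposed": False, "reason": "authentication or authorization enforced", "categories": []}
    if status == 404:
        return {"exposed": False, "reason": "service not active", "categories": []}
    if status != 200:
        return {"exposed": False, "reason": f"unexpected status {status}", "categories": []}
    found = []
    for category, tags in SENSITIVE_TAGS.items():
        for tag in tags:
            # Only test for a non-empty element; the value itself is not recorded.
            if re.search(rf"<{tag}>[^<]+</{tag}>", body):
                found.append(category)
                break
    return {"exposed": True, "reason": "unauthenticated 200 with system details", "categories": found}


def check_live(base_url, timeout=10):
    """Fetch the service anonymously (no credentials) and classify the result."""
    url = base_url.rstrip("/") + "/sap/public/info"
    req = urllib.request.Request(url, headers={"Accept": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # 401/403/404 arrive as HTTPError; classify by status code alone.
        return classify_response(err.code, "")


# Constructed sample body (not from a real system) so the check runs offline.
SAMPLE_EXPOSED_BODY = """<?xml version="1.0"?>
<RFCSI_EXPORT>
  <RFCPROTO>011</RFCPROTO>
  <RFCHOST>sapapp01</RFCHOST>
  <RFCSYSID>DEV</RFCSYSID>
  <RFCDBHOST>sapdb01</RFCDBHOST>
  <RFCDBSYS>HDB</RFCDBSYS>
  <RFCSAPRL>750</RFCSAPRL>
  <RFCOPSYS>Linux</RFCOPSYS>
  <RFCIPADDR>10.0.0.10</RFCIPADDR>
</RFCSI_EXPORT>"""


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python check_sap_info.py https://sap-host:44300
        print(check_live(sys.argv[1]))
    else:
        print(classify_response(200, SAMPLE_EXPOSED_BODY))  # still exposed
        print(classify_response(403, ""))                   # remediated
```

Run it against the system's own base URL from an untrusted network segment as well as from inside, since an IP allow-list that only blocks external ranges leaves the service open to every internal client; an "exposed" verdict from either vantage point means the SICF deactivation or the authorization check has not taken effect on that host.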