Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability - Vulnerability Database

SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability

Description

A vulnerability exists in the Web Dynpro chat application named Real Time Collaboration (RTC). An unauthenticated user can retrieve the list of SAP users, groups and roles.

Remediation

Install SAP Security Note 2255990.

References

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration Information Disclosure
Apache stronghold-status enabled Low
Common tags: Configuration Information Disclosure
JBoss Server MBean High
Common tags: Configuration Information Disclosure
JBoss JMX Console Unrestricted Access High
Common tags: Configuration Information Disclosure
JBoss Web Console JMX Invoker High
Common tags: Configuration Information Disclosure

Severity

Medium

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Information Disclosure