PT-2014-1951 · Sap · Sap Netweaver

Dmitry Chastukhin

·

Published

2014-11-06

·

Updated

2018-12-10

·

CVE-2015-2817

CVSS v2.0

5.0

Medium

Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver version 7.40

Description: The issue allows remote attackers to obtain sensitive information. This can be achieved via the ReadProfile parameters in the SAP Management Console. Additionally, the vulnerability exists due to a lack of restrictions on remote function calls, specifically the GetSystemInstanceList function. An attacker can exploit this by sending a specially crafted SOAP request to gain information about the integration platform and operating system.

Recommendations: For SAP NetWeaver version 7.40, consider restricting access to the GetSystemInstanceList function and limiting the use of the ReadProfile parameters until a patch is available. As a temporary workaround, disabling remote function calls for GetSystemInstanceList may help minimize the risk of exploitation.
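One way to monitor for the calls named above while the workaround is in place, as an added example that is not part of the advisory: parse captured SOAP requests to the SAP Management Console, pull the invoked web method out of the SOAP Body, and alert when GetSystemInstanceList or a ReadProfile* method is called from a host outside an administrative allowlist. The envelope layout, the urn:SAPControl namespace, the 10.0.0.0/24 allowlist and the sample requests are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
from ipaddress import ip_address, ip_network
from typing import Optional

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SENSITIVE_METHODS = {"GetSystemInstanceList"}   # named in the advisory
SENSITIVE_PREFIXES = ("ReadProfile",)           # "ReadProfile parameters" in the advisory
ADMIN_NETS = [ip_network("10.0.0.0/24")]        # constructed allowlist of admin hosts


def soap_method(body: str) -> Optional[str]:
    """Return the local name of the first element inside the SOAP Body, or None."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    if soap_body is None or len(soap_body) == 0:
        return None
    return soap_body[0].tag.split("}")[-1]      # strip the XML namespace


def is_sensitive(method: str) -> bool:
    return method in SENSITIVE_METHODS or method.startswith(SENSITIVE_PREFIXES)


def classify(src_ip: str, body: str) -> str:
    """'alert' for a sensitive method from a non-admin host; 'ok' otherwise; 'unparsed' for bad XML."""
    method = soap_method(body)
    if method is None:
        return "unparsed"
    src = ip_address(src_ip)
    if is_sensitive(method) and not any(src in net for net in ADMIN_NETS):
        return "alert"
    return "ok"


def _envelope(method: str) -> str:
    # Constructed request body; the urn:SAPControl namespace is an assumption.
    return (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}"><SOAP-ENV:Body>'
            f'<{method} xmlns="urn:SAPControl"/></SOAP-ENV:Body></SOAP-ENV:Envelope>')


# Constructed sample traffic (source IP, request body), not real captures.
SAMPLES = [
    ("203.0.113.7", _envelope("GetSystemInstanceList")),   # external host -> alert
    ("10.0.0.5", _envelope("GetSystemInstanceList")),      # admin host    -> ok
    ("203.0.113.7", _envelope("ReadProfileParameters")),   # external host -> alert
    ("198.51.100.9", "this is not xml"),                   # -> unparsed
]


def scan(samples=SAMPLES):
    """Return (src_ip, method, verdict) for every sample."""
    return [(ip, soap_method(body), classify(ip, body)) for ip, body in samples]
```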

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2015-10123
CVE-2015-2817

Affected Products

Sap Netweaver