Name of the Vulnerable Software and Affected Versions SAP NetWeaver (affected versions not specified)

Description The issue is related to insufficient data protection in the MembersApp component of the SAP NetWeaver platform. It allows a remote attacker to disclose user information, such as listing user names, by exploiting a timing difference in responses between valid and invalid user names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.