PT-2016-1282 · Sap · Sap Netweaver As Java
Vahagn Vardanyan
·
Published
2016-02-16
·
Updated
2025-02-04
·
CVE-2016-2388
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS JAVA version 7.4
Description
The issue is related to insufficient access control in the Universal Worklist Configuration component of SAP NetWeaver, allowing remote attackers to obtain sensitive user information via a crafted HTTP request.
Recommendations
For SAP NetWeaver AS JAVA version 7.4, apply the fix as described in SAP Security Note 2256846 to resolve the issue.
Exploit
Fix
Improper Access Control
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Netweaver As Java