PT-2019-5669 · SAP · SAP Gateway

Published: 2019-08-13 · Updated: 2019-08-26 · CVE-2019-0338

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

SAP Gateway versions 750 through 753

Description

The issue is related to the improper setting of HTTP Header attributes cache-control and pragma during an OData V2/V4 request, allowing an attacker to access restricted information. This results in information disclosure. The vulnerability is associated with a lack of protection for service data in the SAP Gateway environment, which can be exploited by a remote attacker to disclose protected information due to incorrectly set HTTP headers.

Recommendations

For SAP Gateway versions 750 through 753, update the HTTP Header attributes to properly set cache-control and pragma to prevent information disclosure. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.
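
One way to verify the header condition described above, as an added example that is not SAP's code or part of the original advisory: it parses a captured response head and reports cache directives that would allow an OData response to be stored by a browser or intermediary cache. The required values (`no-store` in Cache-Control, `no-cache` in Pragma) and the sample responses are assumptions; the advisory does not list the exact values the fix sets.

```python
# Added example: audit an HTTP response head for cache directives.
# Policy below is an assumption: no-store in Cache-Control, no-cache in Pragma.

def parse_headers(raw):
    """Return {lowercased-name: [lowercased values]} from a raw response head."""
    _status, _, rest = raw.partition("\r\n")
    headers = {}
    for line in rest.split("\r\n"):
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip().lower())
    return headers

def directives(values):
    """Split comma-separated header values into a set of directive names."""
    found = set()
    for value in values:
        for part in value.split(","):
            token = part.strip().split("=", 1)[0].strip()
            if token:
                found.add(token)
    return found

def cache_findings(raw):
    """List the reasons this response may be cached; empty list means none."""
    headers = parse_headers(raw)
    cache_control = directives(headers.get("cache-control", []))
    pragma = directives(headers.get("pragma", []))
    findings = []
    if "no-store" not in cache_control:
        findings.append("cache-control lacks no-store")
    if "public" in cache_control:
        findings.append("cache-control marks response public")
    if "no-cache" not in pragma:   # Pragma only matters to HTTP/1.0 caches
        findings.append("pragma lacks no-cache")
    return findings

# Constructed sample response heads (not captured from a real SAP system).
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
        "Cache-Control: public, max-age=3600\r\n\r\n")
MISSING = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            "Cache-Control: no-cache, no-store, must-revalidate\r\n"
            "Pragma: no-cache\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("missing", MISSING), ("hardened", HARDENED)):
        print(label, cache_findings(raw) or "ok")
```
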

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2020-04960
CVE-2019-0338

Affected Products

SAP Gateway