Description

The SAP Management Console (SAP MC) provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, which simplifies system administration. The SAP Management Console exposes certain methods which allows an unauthenticated user to access sensitive information such as the list of available logfiles and developer tracefiles through the SAP Management Console SOAP Interface.

Remediation

Install SAP security note 1439348.

References

sap_mgmt_con_listlogfiles

Related Vulnerabilities

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.10)

WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

Web Cache Deception

WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure