SAP Netweaver AS ABAP 信息泄露漏洞

漏洞信息详情

SAP NetWeaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台，该平台可为SAP应用提供开发和运行环境。SAP Netweaver AS ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。

SAP Netweaver AS ABAP 7.31版本的Business Warehouse (BW)中存在安全漏洞。远程攻击者可通过向‘RSDU_CCMS_GET_PROFILE_PARAM RFC’函数发送请求利用该漏洞获取敏感信息。

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

https://service.sap.com/sap/support/notes/1967780

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2014/Oct/38

来源:packetstormsecurity.com

链接:http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html

来源:BID

链接:http://www.securityfocus.com/bid/70292

来源:scn.sap.com

链接:http://scn.sap.com/docs/DOC-8218

来源:XF

链接:http://xforce.iss.net/xforce/xfdb/96877

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/archive/1/533645/100/0/threaded

来源:service.sap.com

链接:https://service.sap.com/sap/support/notes/1967780

来源:www.onapsis.com

链接:http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033

暂无