A vulnerability, which was classified as problematic, was found in SAP NetWeaver Gateway up to 2.0 SP5 (Solution Stack Software). This affects an unknown part of the component Request Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality.

The weakness was presented 05/14/2013 by Alexandr Polyakov, Alexey Sintsov, Alexey Tyurin, Dmitry Chastukhin and Dmitry Evdokimov with ERPScan as 25446 as confirmed exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. The vendor was not involved in the public release. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

A public exploit has been developed by metasploit (nmonkee) and been published immediately after the advisory. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Exploit-DB (25446). Further details are available at labs.mwrinfosecurity.com. See 8822, 8824, 8825 and 8826 for similar entries.

Productinfo

Type

• Solution Stack Software

Vendor

• SAP

Name

• NetWeaver Gateway

Version

• 2.0 SP5

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion