CVE-2017-5372 in AS JAVA
Summary
by MITRE
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.
Analysis
by VulDB Data Team • 05/14/2026
The vulnerability identified as CVE-2017-5372 resides within the P4 SERVERCORE component of SAP Application Server Java, specifically affecting the MSPRuntimeInterface function commonly referred to as msp. This flaw represents a critical authorization bypass vulnerability that enables remote attackers to extract sensitive system information without proper authentication. The vulnerability manifests through five functions: getInformation, getParameters, getServiceInfo, getStatistic, and getClientStatistic, all of which lack proper authorization checks. The affected component operates within the broader SAP ecosystem, where unauthorized access to system metadata and operational parameters could significantly compromise the security posture of enterprise environments relying on SAP infrastructure.
From a technical perspective, this vulnerability constitutes a direct violation of the principle of least privilege and proper access control mechanisms. The missing authorization check creates a path where any remote attacker can invoke these functions regardless of their authentication status or role within the SAP system. The functions exposed through this vulnerability provide access to system information such as runtime parameters, service configurations, statistical data, and client-specific metrics that could reveal critical infrastructure details. This type of information disclosure vulnerability falls under the CWE-284 access control weakness category, specifically representing an improper access control scenario where authorization checks are absent or ineffective. The vulnerability's impact is amplified by its remote exploitability, eliminating the need for physical access or prior system compromise to gain access to sensitive operational data.
The operational impact of this vulnerability extends beyond simple information disclosure, as the collected system information could serve as a foundation for more sophisticated attacks. Attackers could leverage the exposed parameters and statistics to understand system configurations, identify potential attack vectors, and map the internal network structure of SAP environments. The collected data might reveal service endpoints, configuration settings, performance metrics, and client connection details that could be used in subsequent exploitation phases. This vulnerability aligns with ATT&CK technique T1082 for system information discovery and could facilitate further reconnaissance activities. Organizations with SAP systems exposed to the internet face significant risk as this vulnerability allows attackers to gather intelligence without requiring credentials or advanced exploitation techniques.
Mitigation strategies for CVE-2017-5372 should prioritize immediate patch application from SAP as outlined in SAP Security Note 2331908. Organizations should implement network segmentation to limit access to SAP components and ensure that SAP systems are not directly exposed to untrusted networks. Access controls should be strengthened through proper role-based access control implementations and regular review of system permissions. Network monitoring should be enhanced to detect unusual access patterns to SAP runtime interfaces, and intrusion detection systems should be configured to alert on suspicious calls to the vulnerable functions. Additionally, organizations should conduct comprehensive security assessments of their SAP environments to identify similar authorization gaps and implement proper input validation and access control mechanisms throughout their systems. The vulnerability demonstrates the critical importance of maintaining up-to-date security patches and implementing robust access control measures in enterprise application environments.
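The monitoring recommendation above, sketched as an added example (not VulDB's or SAP's code): it scans call events for the five msp functions named in the advisory and reports sources that invoked them without an authenticated user or from outside an expected management subnet. The JSON event schema, the subnet and the sample events are assumptions constructed for illustration; real P4 telemetry would need its own parser in front of this check.

```python
import ipaddress
import json
from collections import defaultdict

# The five msp (MSPRuntimeInterface) functions named in the advisory.
MSP_FUNCTIONS = {"getInformation", "getParameters", "getServiceInfo",
                 "getStatistic", "getClientStatistic"}
# Assumption: the only subnet from which administrative msp calls are expected.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Constructed sample events; hypothetical schema: ts, src, iface, func, user.
SAMPLE_EVENTS = """\
{"ts": "2024-03-01T10:00:01Z", "src": "10.20.0.15", "iface": "msp", "func": "getStatistic", "user": "admin_ops"}
{"ts": "2024-03-01T10:02:11Z", "src": "203.0.113.7", "iface": "msp", "func": "getInformation", "user": null}
{"ts": "2024-03-01T10:02:12Z", "src": "203.0.113.7", "iface": "msp", "func": "getParameters", "user": null}
{"ts": "2024-03-01T10:02:13Z", "src": "203.0.113.7", "iface": "msp", "func": "getServiceInfo", "user": null}
{"ts": "2024-03-01T10:05:40Z", "src": "10.20.0.15", "iface": "other", "func": "lookup", "user": "admin_ops"}
{"ts": "2024-03-01T10:06:02Z", "src": "10.30.4.9", "iface": "msp", "func": "getClientStatistic", "user": "svc_batch"}
not-json garbage line
"""

def in_admin_net(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source address is treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_suspicious_msp_calls(lines):
    """Return {src: {"reasons": set, "funcs": set}} for flagged msp calls."""
    findings = defaultdict(lambda: {"reasons": set(), "funcs": set()})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("iface") != "msp" \
                or ev.get("func") not in MSP_FUNCTIONS:
            continue  # only calls to the five advisory functions matter here
        src = str(ev.get("src", ""))
        reasons = set()
        if not ev.get("user"):
            reasons.add("unauthenticated")
        if not in_admin_net(src):
            reasons.add("outside-admin-net")
        if reasons:
            findings[src]["reasons"] |= reasons
            findings[src]["funcs"].add(ev["func"])
    return dict(findings)
```

Calling `find_suspicious_msp_calls(SAMPLE_EVENTS.splitlines())` flags the two sources outside the management subnet and leaves the authenticated administrative call unreported.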