SAP Financial Services Claims Management User Enumeration Vulnerability in RFC Function ICL_USER_GET_NAME_AND_ADDRESS

Vulnerability

A vulnerability exists in the SAP Financial Services Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS that allows user enumeration and potential disclosure of personal data. The issue arises from discrepancies in response data. Its impact on confidentiality is low, and it has no effect on integrity or availability.

Impact

Exploitation of this vulnerability could result in unauthorized user enumeration and the potential disclosure of personal data, according to SAP.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. All SAP Security Notes are available through the SAP for Me platform. It is recommended to implement these security corrections as a priority.

Added: Oct 14, 2025, 1:23 AM
Updated: Oct 14, 2025, 1:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.