SAP NetWeaver Application Server Java Information Disclosure Vulnerability

An information disclosure vulnerability has been identified in SAP NetWeaver Application Server Java. This vulnerability allows unauthorized access to internal metadata files through manipulated URLs. An unauthenticated attacker could exploit this by inserting arbitrary path components into the request, leading to unauthorized access to sensitive application metadata. As a result, there is a partial compromise of confidentiality, while integrity and availability remain unaffected.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive application metadata, causing a partial compromise of confidentiality.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of all SAP Security Notes. It is recommended to implement these security corrections as a priority.