SAP Support Tools Plug-In Missing Authorization Check Vulnerability Allowing Information Disclosure
Vulnerability
A vulnerability exists in the SAP Support Tools Plug-In due to a lack of proper authorization checks in certain function modules. This flaw allows authenticated attackers to access system information and configuration details. Such information could be used to plan further attacks. The vulnerability has a low impact on confidentiality, with no effects on integrity or availability.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure regarding the system and its configuration, potentially aiding an attacker in planning subsequent attacks.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically on SAP Security Patch Days, which occur on the second Tuesday of each month.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.