Vigil@nce - SAP Management Console: two vulnerabilities
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit two vulnerabilities in SAP Management Console
to cause a denial of service or to obtain sensitive
information.
Severity: 2/4
Creation date: 06/01/2011
IMPACTED PRODUCTS
– SAP ERP
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in SAP Management Console.
An unauthenticated attacker can connect to the console and then
request that the service be restarted. [severity:2/4; BID-45778,
ONAPSIS-2011-001]
An unauthenticated attacker can connect to the console and then
call public methods of the sapstartsrv SOAP server to
obtain sensitive information. [severity:2/4; BID-45780,
ONAPSIS-2011-002]
An attacker can therefore cause a denial of service or obtain
sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SAP-Management-Console-two-vulnerabilities-10252