CVE-2017-5372
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-13 CVE Reserved
- 2017-01-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2017/Jan/50 | Mailing List | |
http://www.securityfocus.com/bid/93504 | Third Party Advisory | |
https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure | X_refsource_misc | |
https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016 | X_refsource_misc | |