Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2741201 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2019-04-10T20:13:45
Updated: 2019-04-10T20:32:08
Reserved: 2018-11-26T00:00:00
Link: CVE-2019-0278
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-10T21:29:01.107
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-0278
JSON object: View
Redhat Information
No data.
CWE