CVE-2015-2817

Published: Apr 1, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

Affected (1)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Version 7.40

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Jun/65

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/535829/100/800/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/73705

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-15-007-sap-management-console-readprofile-parameters-information-disclosure/

Source: cve@mitre.org

http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html