SAP.Internet.Transaction.Server.Information.Disclosure

description-logoDescription

It indicates an attacker attempted to exploit a bug in Sap Internet Server that if successful, would reveal sensitive information about the system. The SAP Internet Transaction server can leak sensitive information about the system of an attacker sends a specially-crafted HTTP request to the wgate.dll library. If the request contains a non-existing value for the service, templatelanguage, language, theme, or template parameter the resulting error message reveals the sensitive information.

affected-products-logoAffected Products

SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011

Impact logoImpact

Information Leakage

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)