SAP.Internet.Transaction.Server.Information.Disclosure
Description
It indicates an attacker attempted to exploit a bug in Sap Internet Server that if successful, would reveal sensitive information about the system. The SAP Internet Transaction server can leak sensitive information about the system of an attacker sends a specially-crafted HTTP request to the wgate.dll library. If the request contains a non-existing value for the service, templatelanguage, language, theme, or template parameter the resulting error message reveals the sensitive information.
Affected Products
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011
Impact
Information Leakage
Recommended Actions
Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |