SAP.ITS.AGate.Path.Disclosure
Description
It indicates a possible exploit of information disclosure vulnerability in SAP Internet Transaction Server (ITS).
SAP Internet Transaction Server (ITS) is an interface used to integrate SAP software to the Internet for Microsoft Windows, Linux, and Unix-based operating systems. SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463 could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the AGate component. A remote attacker could send a specially-crafted URL containing ~command=AgateInstallCheck to cause the server to disclose the installation path and version numbers of installed DLL files.
Affected Products
SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463
Impact
Compromise of the affected system.
Recommended Actions
Apply appropriate patch from the vendor if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |