SAP.ITS.AGate.Path.Disclosure

Description

This indicates a possible attempt to exploit an information disclosure vulnerability in SAP Internet Transaction Server (ITS).


SAP Internet Transaction Server (ITS) is an interface used to integrate SAP software with the Internet on Microsoft Windows, Linux, and Unix-based operating systems. SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463 could allow a remote attacker to obtain sensitive information because of a vulnerability in the AGate component. A remote attacker could send a specially crafted URL containing ~command=AgateInstallCheck to cause the server to disclose the installation path and the version numbers of installed DLL files.
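
For defenders who want to check web server or proxy logs for this request, the following is an added example, not part of the original advisory or of any vendor signature. It assumes Common/Combined Log Format; the sample lines, addresses and /placeholder/path are constructed, and the helper names are hypothetical.

```python
import re
from urllib.parse import unquote

# Common/Combined Log Format: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Parameter named in the description; the lookahead rejects longer values.
MARKER_RE = re.compile(r"~command=agateinstallcheck(?![a-z0-9_])")

# Constructed sample lines (documentation address ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/path?~command=AgateInstallCheck HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /placeholder/path?%7Ecommand=agateinstallcheck HTTP/1.1" 200 5098',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /placeholder/path?%257ecommand%253DAgateInstallCheck HTTP/1.1" 404 312',
    '192.0.2.55 - - [01/Jan/2024:10:01:00 +0000] "GET /placeholder/path?~command=example HTTP/1.1" 200 2048',
    '192.0.2.55 - - [01/Jan/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %7E and %257E both normalise to '~'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_install_check(lines):
    """Return one record per log line whose request target carries the marker."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the assumed log format
        client, _method, target, status = match.groups()
        if MARKER_RE.search(decode_fully(target).lower()):
            hits.append({
                "client": client,
                "target": target,
                "status": int(status),
                # A 200 means the request was served; review that response first.
                "served": status == "200",
            })
    return hits

if __name__ == "__main__":
    for hit in find_install_check(SAMPLE_LOG):
        print(hit)
```

Matching is done after decoding and lower-casing, so encoded or mixed-case variants of the parameter are reported alongside the literal form.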


Affected Products

SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor if available.

Coverage

IPS (Regular DB)
IPS (Extended DB)