Information Disclosure in SAP through Remote Function Call
CVE-2006-6010

Currently unrated

Key Information:

Vendor: SAP

CVE Published: 21 November 2006

What is CVE-2006-6010?

SAP systems are susceptible to an information disclosure vulnerability that allows remote attackers to gain access to potentially sensitive data. The flaw occurs via an RFC_SYSTEM_INFO RfcCallReceive request, which can expose details such as the underlying operating system and the version of SAP in use. This information can be leveraged by attackers to plan further exploits, thereby increasing the risk to the integrity and confidentiality of the SAP environment.

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
