SAP RFC Library Security Issue Affecting User and Group Verification
CVE-2007-1913

Currently unrated

Key Information:

Vendor: SAP
Status: Rfc Library
Vendor: CVE Published:; 10 April 2007

What is CVE-2007-1913?

The SAP RFC Library versions 6.40 and 7.00 prior to December 11, 2006, contain a vulnerability in the TRUSTED_SYSTEM_SECURITY function that allows remote attackers to verify the existence of users and groups across systems and domains. This vulnerability poses significant risks as it may aid attackers in planning further exploits against the affected systems.

References

http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_T...

x_refsource_MISC

http://www.securityfocus.com/bid/23305

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/464669/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 10, 2007
Vulnerability Reserved
Apr 10, 2007