Information Disclosure in SAP RFC Library Versions 6.40 and 7.00
CVE-2007-1914

Currently unrated

Key Information:

Vendor: SAP
Status: Rfc Library
Vendor: CVE Published:; 10 April 2007

What is CVE-2007-1914?

The RFC_START_PROGRAM function in SAP's RFC Library versions 6.40 and 7.00 prior to December 11, 2006, is susceptible to a vulnerability that enables remote attackers to retrieve sensitive information, specifically external RFC server configuration data. This flaw can be exploited through various unspecified vectors, highlighting a significant risk to users of these affected versions. It is essential for organizations utilizing this library to apply the necessary updates and mitigate potential security threats.

References

http://securityreason.com/securityalert/2538

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/23313

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/464678/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2007
Vulnerability Reserved
Apr 10, 2007