Information Disclosure in Hybris Management Console by SAP
CVE-2016-6859

4.3MEDIUM

Key Information:

Vendor: SAP
Status: Hybris
Vendor: CVE Published:; 31 December 2016

Summary

The Hybris Management Console (HMC) in SAP Hybris versions prior to 6.0 contains a vulnerability that allows remote attackers to extract sensitive information. By deliberately triggering an error, an attacker can read the Java stack trace, which may reveal important implementation details and sensitive data, potentially leading to further exploitation.

References

https://www.compass-security.com/fileadmin/Datein/Researc...

x_refsource_MISC

http://www.securityfocus.com/bid/93959

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2016
Vulnerability Reserved
Aug 18, 2016