Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Abap_platform | Sap | 7.31 (including) | 7.31 (including) |
| Abap_platform | Sap | 7.40 (including) | 7.40 (including) |
| Abap_platform | Sap | 7.50 (including) | 7.50 (including) |
| Abap_platform | Sap | 700 (including) | 700 (including) |
| Abap_platform | Sap | 701 (including) | 701 (including) |
| Abap_platform | Sap | 702 (including) | 702 (including) |
| Abap_platform | Sap | 710 (including) | 710 (including) |
| Abap_platform | Sap | 711 (including) | 711 (including) |
| Abap_platform | Sap | 751 (including) | 751 (including) |
| Abap_platform | Sap | 753 (including) | 753 (including) |
| Abap_platform | Sap | 755 (including) | 755 (including) |
| Netweaver_application_server_abap | Sap | 700 (including) | 700 (including) |
| Netweaver_application_server_abap | Sap | 701 (including) | 701 (including) |
| Netweaver_application_server_abap | Sap | 702 (including) | 702 (including) |
| Netweaver_application_server_abap | Sap | 710 (including) | 710 (including) |
| Netweaver_application_server_abap | Sap | 711 (including) | 711 (including) |
| Netweaver_application_server_abap | Sap | 731 (including) | 731 (including) |
| Netweaver_application_server_abap | Sap | 740 (including) | 740 (including) |
| Netweaver_application_server_abap | Sap | 750 (including) | 750 (including) |
| Netweaver_application_server_abap | Sap | 751 (including) | 751 (including) |
| Netweaver_application_server_abap | Sap | 753 (including) | 753 (including) |
| Netweaver_application_server_abap | Sap | 755 (including) | 755 (including) |