Vulnerabilities > CVE-2003-1038 - Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2004-04-15

Updated: 2017-07-11

Summary

The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Internet Transaction Server *	1

References

http://www.phenoelit.de/stuff/Phenoelit20c3.pd
https://exchange.xforce.ibmcloud.com/vulnerabilities/15516