CVE-2006-6010 - Unspecified vulnerability in SAP Web Application Server
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
sap
metasploit
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Metasploit
description | This module makes use of the RFC_SYSTEM_INFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service. |
id | MSF:AUXILIARY/SCANNER/SAP/SAP_SOAP_RFC_SYSTEM_INFO |
last seen | 2020-03-14 |
modified | 2017-07-24 |
published | 2012-11-07 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb |
title | SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering |
References
- http://securityreason.com/securityalert/1889
- http://www.securityfocus.com/archive/1/451378/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39997