CVE-2006-6010 - Information Disclosure vulnerability in SAP Web Application Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Metasploit
description | This module makes use of the RFC_SYSTEM_INFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service. |
id | MSF:AUXILIARY/SCANNER/SAP/SAP_SOAP_RFC_SYSTEM_INFO |
last seen | 2020-03-14 |
modified | 2017-07-24 |
published | 2012-11-07 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb |
title | SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering |