CVE-2006-6010 - Information Disclosure vulnerability in SAP Web Application Server

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
network
low complexity
sap
metasploit

Summary

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.

Vulnerable Configurations

Part         Description  Count
Application  SAP          1

Metasploit

description: This module makes use of the RFC_SYSTEM_INFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service.
id: MSF:AUXILIARY/SCANNER/SAP/SAP_SOAP_RFC_SYSTEM_INFO
last seen: 2020-03-14
modified: 2017-07-24
published: 2012-11-07
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb
title: SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering