Skip to main content

Netweaver CVE-2015-2817

MEDIUM
Information Exposure (CWE-200)
2015-04-01 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 01, 2015 - 14:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

AnalysisAI

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. Affected products include: Sap Netweaver.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-2611 CRITICAL POC
9.3 May 15

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispa

CVE-2025-31324 CRITICAL POC
10.0 Apr 24

SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload ma

CVE-2016-2389 HIGH POC
7.5 Feb 16

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMI

CVE-2015-7241 CRITICAL POC
9.8 Sep 06

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2012-2612 MEDIUM POC
5.0 May 15

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0

CVE-2012-2514 MEDIUM POC
5.0 May 15

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver

CVE-2012-2512 MEDIUM POC
5.0 May 15

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver

CVE-2014-0995 MEDIUM POC
5.0 Nov 06

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of serv

CVE-2012-2513 MEDIUM POC
5.0 May 15

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP

CVE-2012-2511 MEDIUM POC
5.0 May 15

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.

CVE-2016-4014 HIGH POC
8.6 Apr 14

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to ca

CVE-2016-1910 MEDIUM POC
5.3 Jan 15

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors,

Share

CVE-2015-2817 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy