N/A

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.

N/A

N/A

SAP NetWeaver AS Java Real-Time Collaboration服务安全漏洞

SAP NetWeaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台，该平台可为SAP应用提供开发和运行环境。SAP NetWeaver AS（Application Server）Java是一款运行于NetWeaver中且基于Java编程语言的应用服务器。Real-Time Collaboration（RTC）services是其中的一个包含即时消息、聊天和应用程序共享的实时协作服务。 SAP NetWeaver AS Java 7.4版本的RTC服务中的聊天功能存在安全漏洞。远程攻击者可

N/A

N/A