Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
Vulnerability Description
SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
SAP Web Dispatcher和SAP Internet Communication Manager 日志信息泄露漏洞
Vulnerability Description
SAP Web Dispatcher和SAP Internet Communication Manager(SAP ICM)都是德国思爱普(SAP)公司的产品。SAP Web Dispatcher是Load Balancing 的核心组件,支持负载均衡,提供反向代理的功能,使得外网用户可以访问到内部应用。SAP Internet Communication Manager是一个 SAP NetWeaver 应用程序服务器的组件。用于接收和发送 Web 请求(HTTP、HTTPS、SMTP)。 SAP We
CVSS Information
N/A
Vulnerability Type
N/A