First published: Tue Nov 21 2006
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Web Application Server | | |
CVE-2006-6010 has a medium severity level due to the risk of information disclosure.
CVE-2006-6010 allows remote attackers to extract sensitive information, including operating system and SAP version details.
To fix CVE-2006-6010, restrict access to the RFC_SYSTEM_INFO function and implement appropriate network security controls.
CVE-2006-6010 affects all versions of SAP Web Application Server that are configured to allow remote function calls.
CVE-2006-6010 is a distinct vulnerability and should not be confused with CVE-2003-0747, as it involves a different attack vector.