CVE-2006-6010

SAP - Info Disclosure

Title source: llm

Description

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.

Exploits (1)

metasploit WORKING POC

by Agnivesh Sathasivam, nmonkee, ChrisJohnRiley · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://securityreason.com/securityalert/1889

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39997

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451378/100/0/threaded

Scores

EPSS 0.2015

EPSS Percentile 95.5%

Details

Status published

Products (1)

sap/sap_web_application_server

Published Nov 21, 2006

Tracked Since Feb 18, 2026