Description
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1917381
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/300
Various Sources x_refsource_misc
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67103
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Scores
EPSS
0.0025
EPSS Percentile
48.4%
Details
CWE
CWE-264
Status
published
Products (1)
sap/profile_maintenance
Published
Apr 30, 2014
Tracked Since
Feb 18, 2026