POLICY-OTHER SAP NetWeaver JWFTestAddAssignees potential disclosure vulnerable page
The JWFTestAddAssignees page is vulnerable to information disclosure if a user clicks "Choose" and then "Search" in SAP NetWeaver AS JAVA 7.1 - 7.5. This is considered a policy violation.
What To Look For
This rule alerts when a user opens the JWFTestAddAssignees web page in SAP NetWeaver AS JAVA.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Employee Names
For reference, see the MITRE ATT&CK vulnerability types here:
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE Additional Information