CVE-2016-3973

CWE-200 ā€” Information Exposure4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.5%
top 33.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver Application Server Java
Timeline
PublishedApr 7
Latest updateMay 13

Description

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

ā–¶NVDsap/netweaver_application7.10 ā€” 7.50

šŸ”“Vulnerability Details

2
GHSA
GHSA-c2gm-j7pw-mh9p: The chat feature in the Real-Time Collaboration (RTC) services 7ā†—2022-05-13
ā–¶
CVEList
CVE-2016-3973: The chat feature in the Real-Time Collaboration (RTC) services 7ā†—2016-04-07
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalationā†—2000-08-25
ā–¶
CVE-2016-3973 (MEDIUM CVSS 5.3) | The chat feature in the Real-Time C | cvebase.io