CVE-2015-3981 : SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspe

SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.

Published 2015-05-12 20:59:04

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-3981

SAP » Netweaver Rfc Sdk
cpe:2.3:a:sap:netweaver_rfc_sdk:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/74627

SAP NetWeaver RFC SDK CVE-2015-3981 Unspecified Information Disclosure Vulnerability
http://www.securitytracker.com/id/1032308

SAP NetWeaver RFC SDK Discloses Potentially Sensitive Information - SecurityTracker
https://erpscan.io/press-center/blog/sap-security-notes-april-2015/

SAP Security Notes April 2015 - Review

CVEs referencing this url

Jump to