POLICY-OTHER --
POLICY-OTHER SAP NetWeaver JWFTestAddAssignees potential disclosure vulnerable page
The JWFTestAddAssignees page is vulnerable to information disclosure if a user clicks "Choose" and then "Search" in SAP NetWeaver AS JAVA 7.1 - 7.5. This is considered a policy violation.
This rule alerts when a user opens the JWFTestAddAssignees web page in SAP Netweaver AS JAVA.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Reconnaissance
Technique: Employee Names
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org