Improper HTTP Header Configuration in SAP Gateway Allows Information Disclosure

Improper HTTP Header Configuration in SAP Gateway Allows Information Disclosure

CVE-2019-0338 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

Learn more about our Web Application Penetration Testing UK.