Improper HTTP Header Configuration in SAP Gateway Allows Information Disclosure
CVE-2019-0338 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
Learn more about our Web Application Penetration Testing UK.