SAP Knowledge Base Article - Preview

3098167 - Vulnerabilities - Metadata Publishing Enabled for ASMX Web Services - FC

Symptom

  • The web services had metadata publishing enabled for ASMX web services, allowing WSDL metadata to be retrieved by unauthenticated clients.
  • WSDL data may result useful to an attacker in determining the methods exposed by a service and constructing well-formed requests.
  • Can this be considered as Product vulnerability?


Read more...

Environment

SAP Financial Consolidation (FC) 10.1 web client.

Product

SAP Financial Consolidation 10.1

Keywords

web.config , bfc , vulnérabilité , thread ,  , KBA , EPM-BFC-TCL , Technical Components , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.