PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5372 SAP CVE debrief

CVE-2017-5372 is a high-severity SAP NetWeaver AS Java information-disclosure issue in the P4 SERVERCORE MSPRuntimeInterface. Remote attackers could obtain sensitive system information because several exposed functions did not enforce authorization checks. NVD classifies the weakness as CWE-200 and rates the issue as high impact to confidentiality, with no direct integrity or availability impact described.

Vendor
SAP
Product
CVE-2017-5372
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-23
Original CVE updated
2026-05-13
Advisory published
2017-01-23
Advisory updated
2026-05-13

Who should care

SAP NetWeaver AS Java administrators, security teams, and any organization exposing SAP AS JAVA services—especially internet-facing P4 services—should treat this as a priority exposure. Incident responders and vulnerability management teams should also account for it when assessing legacy SAP environments.

Technical summary

The affected msp (MSPRuntimeInterface) functions—getInformation, getParameters, getServiceInfo, getStatistic, and getClientStatistic—allowed access to system data without a required authorization check. According to the supplied NVD record, the issue is remotely reachable, requires no privileges or user interaction, and results in confidential system information disclosure.

Defensive priority

High. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: network-reachable, low attack complexity, no privileges or user interaction required, and high confidentiality impact. Prioritize systems that expose SAP NetWeaver AS Java or related P4 interfaces to broad networks or untrusted segments.

Recommended defensive actions

  • Identify all SAP NetWeaver AS Java deployments that include the P4 SERVERCORE component and confirm whether they are affected by CVE-2017-5372.
  • Apply SAP Security Note 2331908 or the vendor-recommended remediation path referenced by the CVE record.
  • Restrict network access to P4/SERVERCORE services so they are not reachable from untrusted networks.
  • Review authentication and authorization controls around exposed SAP management and runtime interfaces.
  • Check for unusual access to information-retrieval functions and review relevant SAP and network logs for unauthorized queries.
  • Update asset inventories and vulnerability management records to reflect that this is a confidentiality issue with remote, unauthenticated reachability.

Evidence notes

The supplied official NVD record describes a missing authorization check in the SAP AS JAVA P4 SERVERCORE MSPRuntimeInterface and lists the affected functions. NVD assigns CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and CWE-200. The CVE references include third-party advisories and a mailing-list disclosure that corroborate the issue, alongside the SAP Security Note identifier mentioned in the CVE description.

Official resources

Publicly disclosed and published in January 2017; the supplied CVE record shows an initial publication timestamp of 2017-01-23T21:59:03.220Z.