Search criteria
14 vulnerabilities found for NetWeaver Application Server ABAP by SAP
CERTFR-2025-AVI-0867
Vulnerability from certfr_avis - Published: 2025-10-14 - Updated: 2025-10-14
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP NetWeaver AS Java | NetWeaver AS Java version SERVERCORE 7.50 sans le dernier correctif de sécurité | ||
| SAP | Financial Service Claims Management | Financial Service Claims Management versions INSURANCE 803, 804, 805, 806, S4CEXT 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | Print Service | Print Service versions SAPSPRINT 8.00 et 8.10 sans le dernier correctif de sécurité | ||
| SAP | Data Hub Integration Suite | Data Hub Integration Suite version CX_DATAHUB_INT_PACK 2205 sans le dernier correctif de sécurité | ||
| SAP | BusinessObjects | BusinessObjects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | Application Server pour ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | S/4HANA versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | Cloud Appliance Library Appliances | Cloud Appliance Library Appliances version TITANIUM_WEBAPP 4.0 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | Application Server pour ABAP versions SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | Supplier Relationship Management | Supplier Relationship Management versions SRMNXP01 100 et 150 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP | NetWeaver Application Server ABAP versions RNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetWeaver AS Java version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Financial Service Claims Management versions INSURANCE 803, 804, 805, 806, S4CEXT 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Financial Service Claims Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Print Service versions SAPSPRINT 8.00 et 8.10 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Print Service",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Data Hub Integration Suite version CX_DATAHUB_INT_PACK 2205 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Data Hub Integration Suite",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "BusinessObjects",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server pour ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Cloud Appliance Library Appliances version TITANIUM_WEBAPP 4.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cloud Appliance Library Appliances",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server pour ABAP versions SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Supplier Relationship Management versions SRMNXP01 100 et 150 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Supplier Relationship Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP versions RNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42944"
},
{
"name": "CVE-2025-42906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42906"
},
{
"name": "CVE-2025-42902",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42902"
},
{
"name": "CVE-2025-42903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42903"
},
{
"name": "CVE-2025-42910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42910"
},
{
"name": "CVE-2025-42909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42909"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-42984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42984"
},
{
"name": "CVE-2025-42908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42908"
},
{
"name": "CVE-2025-42937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42937"
},
{
"name": "CVE-2025-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0059"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-42939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42939"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-31331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31331"
},
{
"name": "CVE-2025-42901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42901"
}
],
"initial_release_date": "2025-10-14T00:00:00",
"last_revision_date": "2025-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0867",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 SAP october-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html"
}
]
}
VAR-202110-0874
Vulnerability from variot - Updated: 2023-12-18 14:00There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver application server for abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40495"
}
]
},
"cve": "CVE-2021-40495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-40495",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-05525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-40495",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-40495",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-05525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-40495",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "VULMON",
"id": "CVE-2021-40495"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40495",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-05525",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40495",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"id": "VAR-202110-0874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
}
]
},
"last_update_date": "2023-12-18T14:00:01.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sap.com/index.html"
},
{
"title": "Patch for SAP NetWeaver Application Server Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/315381"
},
{
"title": "SAP NetWeaver Application Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166532"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=587169983"
},
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/3099011"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40495"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-october-2021-36632"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"date": "2021-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"date": "2022-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"date": "2021-10-12T15:15:09.127000",
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"date": "2021-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05525"
},
{
"date": "2021-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40495"
},
{
"date": "2022-09-26T02:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-013685"
},
{
"date": "2022-10-06T15:20:09.903000",
"db": "NVD",
"id": "CVE-2021-40495"
},
{
"date": "2021-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0NetWeaver\u00a0Application\u00a0Server\u00a0ABAP\u00a0 and \u00a0ABAP\u00a0Platform\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013685"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-777"
}
],
"trust": 0.6
}
}
VAR-202202-0560
Vulnerability from variot - Updated: 2023-12-18 13:37SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. SAP NetWeaver AS ABAP for, SQL There is an injection vulnerability.Information may be obtained. SAP NetWeaver AS is a SAP network application server from the German company SAP. It can not only provide network services, but also the basic platform of SAP software.
A SQL injection vulnerability exists in SAP NetWeaver AS, which can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP, NetWeaver, ASE
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0560",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "700"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "702"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "701"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "756"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "787"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "702"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "700"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "701"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "756"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:787:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22540"
}
]
},
"cve": "CVE-2022-22540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-22540",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-13358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22540",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22540",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-13358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-558",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22540",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. SAP NetWeaver AS ABAP for, SQL There is an injection vulnerability.Information may be obtained. SAP NetWeaver AS is a SAP network application server from the German company SAP. It can not only provide network services, but also the basic platform of SAP software. \n\r\n\r\nA SQL injection vulnerability exists in SAP NetWeaver AS, which can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP, NetWeaver, ASE",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22540",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-13358",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22540",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"id": "VAR-202202-0560",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
}
]
},
"last_update_date": "2023-12-18T13:37:07.363000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP\u00a0Security\u00a0Patch\u00a0Day\u00a0-\u00a0May\u00a02023",
"trust": 0.8,
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"title": "Patch for SAP NetWeaver AS SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/321361"
},
{
"title": "SAP NetWeaver AS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181719"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-22540 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/3140587"
},
{
"trust": 1.7,
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22540"
},
{
"trust": 0.6,
"url": "https://wiki.scn.sap.com/wiki/display/psr/sap+security+patch+day+-+february+2022"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-37478"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-22540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"date": "2022-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"date": "2023-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"date": "2022-02-09T23:15:18.817000",
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"date": "2022-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"date": "2022-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22540"
},
{
"date": "2023-05-30T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-005414"
},
{
"date": "2022-10-05T14:16:09.207000",
"db": "NVD",
"id": "CVE-2022-22540"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13358"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-558"
}
],
"trust": 0.6
}
}
VAR-202304-0812
Vulnerability from variot - Updated: 2023-12-18 13:26SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker. SAP of SAP NetWeaver and SAP Netweaver Application Server ABAP Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-0812",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.54"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.53"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.77"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.22"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.81"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.89"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.22"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.22ext"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.91"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.85"
},
{
"model": "netweaver",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27499"
}
]
},
"cve": "CVE-2023-27499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-27499",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-27499",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cna@sap.com",
"id": "CVE-2023-27499",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-708",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user\u0027s browser. The information from the victim\u0027s web browser can either be modified or read and sent to the attacker. SAP of SAP NetWeaver and SAP Netweaver Application Server ABAP Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27499",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007137",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-708",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"id": "VAR-202304-0812",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T13:26:40.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP GUI Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234165"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/3275458"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27499"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27499/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"date": "2023-04-11T03:15:07.547000",
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-17T06:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-007137"
},
{
"date": "2023-04-18T16:02:19.700000",
"db": "NVD",
"id": "CVE-2023-27499"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0 of \u00a0SAP\u00a0NetWeaver\u00a0 and \u00a0SAP\u00a0Netweaver\u00a0Application\u00a0Server\u00a0ABAP\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-708"
}
],
"trust": 0.6
}
}
VAR-201506-0131
Vulnerability from variot - Updated: 2023-12-18 13:24The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. Vendors have confirmed this vulnerability SAP Security Note 2124806 , 2121661 , 2127995 ,and 2125316 It is released as.Denial of service by attacker (out-of-bounds read) There is a possibility of being put into a state. Multiple SAP Products are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. 1. Advisory Information
Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last update: 2015-05-12 Vendors contacted: SAP Release mode: Coordinated release
- Vulnerability Information
Class: Out-of-bounds Write [CWE-787], Out-of-bounds Read [CWE-125] Impact: Denial of service Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2015-2282, CVE-2015-2278
- Vulnerability Description
SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm [1] . These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
- Vulnerable Packages
SAP Netweaver Application Server ABAP. SAP Netweaver Application Server Java. SAP Netweaver RFC SDK SAP RFC SDK SAP GUI SAP MaxDB database SAPCAR archive tool Other products and versions might be affected, but they were not tested.
- Vendor Information, Solutions and Workarounds
SAP published the following Security Notes:
2124806 2121661 2127995 2125316 They can be accessed by SAP clients in their Support Portal [15].
Developers who used the Open Source versions of MaxDB 7.5 and 7.6 for their tools should contact SAP.
- Credits
This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team.
- Technical Description / Proof of Concept Code
SAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation of this algorithm was also included in Open Source versions of MaxDB 7.5 and 7.6 [2], and used on multiple Open Source security-related programs [3][4][5][6][7][8][9][10][11].
The code that handles the decompression of LZC and LZH compressed data is prone to two memory corruption vulnerabilities, as described below.
7.1. LZC decompression stack-based buffer overflow
The vulnerability [CVE-2015-2282] is caused by an out-of-bounds write to a stack buffer used by the decompression routine to write the output characters.
The following snippet of code shows the vulnerable function [file vpa106cslzc.cpp in the MaxDB source code [12]]. This piece of code can be reached by decompressing a specially crafted buffer.
[..] int CsObjectInt::CsDecomprLZC (SAP_BYTE * inbuf, SAP_INT inlen, SAP_BYTE * outbuf, SAP_INT outlen, SAP_INT option, SAP_INT * bytes_read, SAP_INT * bytes_written) [..] / Generate output characters in reverse order .................../ while (code >= 256) { *stackp++ = TAB_SUFFIXOF(code); OVERFLOW_CHECK code = TAB_PREFIXOF(code); } [..] Note that the "code" variable contains an attacker controlled value, resulting in a stack overflow if the value is greater than 256 and the value for that code in the prefix table is also greater than 256. It's possible to fill in the stack with arbitrary values by controlling the values stored in the prefix and suffix tables.
It's also worth mentioning that the above code includes a macro for performing some bounds checks on the stack pointer ("OVERFLOW_CHECK"). However, the check implemented by this macro is not sufficient for avoiding this vulnerability and also could lead to fault conditions when decompressing valid buffers. Moreover, vulnerable products and programs were built without this macro enabled ("CS_STACK_CHECK" macro not defined at the time of compilation).
7.2. LZH decompression out-of-bounds read
The vulnerability [CVE-2015-2278] is caused by an out-of-bounds read of a buffer used by the decompression routine when performing look-ups of non-simple codes.
The following piece of code shows the vulnerable function [file vpa108csulzh.cpp in the MaxDB source code [13]]. This piece of code can be reached by decompressing a specially crafted buffer.
[..] int CsObjectInt::BuildHufTree ( unsigned * b, / code lengths in bits (all assumed <= BMAX) / unsigned n, / number of codes (assumed <= N_MAX) / unsigned s, / number of simple-valued codes (0..s-1) / int * d, / list of base values for non-simple codes / int * e, / list of extra bits for non-simple codes / HUFTREE t, / result: starting table / int * m) / maximum lookup bits, returns actual / [..] if (p >= v + n) { r.e = INVALIDCODE; / out of values--invalid code / } else if (p < s) { / 256 is end-of-block code / r.e = (unsigned char)(p < 256 ? LITCODE : EOBCODE); r.v.n = (unsigned short) p; / simple code is just the value/ p++; } else { r.e = (unsigned char) e[p - s]; /non-simple,look up in lists/ r.v.n = (unsigned short) d[*p - s]; p++; } [..]
The "e" and "d" arrays are indexed with the value of "*p - s" which is an attacker-controlled value. When the code is reached, this results in an out-of-bounds read access.
7.3. Attack scenarios
The vulnerabilities affect a varied range of products and programs. The attack scenarios differ based on the way each product makes use of the compression libraries. At very least the following scenarios can be identified:
7.3.1. Attacks against server-side components
SAP Netweaver services like Dispatcher or Gateway handle compressed requests coming from the different clients connecting to them. A remote unauthenticated attacker might be able to connect to the aforementioned services and trigger the vulnerabilities by sending specially crafted packets.
7.3.2. Client-side attacks
An attacker might be able to perform client-side attacks against users of the affected programs that handle compressed data. For instance, an attacker might send a specially crafted .CAR or .SAR archive file aimed at being decompressed using the SAPCAR tool, or mount a rogue SAP server offering Dispatcher and entice users to connect to this malicious server using SAP GUI.
7.3.3. Man-in-the-middle attacks
As most of the services affected by these issues are not encrypted by default, an attacker might be able to perform a man-in-the-middle attack and trigger the vulnerabilities by injecting malicious packets within the communication.
7.4. Looking in binaries for compression routines
The LZC and LZH compression algorithm routines are statically compiled in the different binaries of the affected products and programs. It's possible to check if a binary includes these functions by looking at whether the algorithm's constants are used in the program.
The following Radare [14] command can be used to check if a binary file includes the mentioned constants:
$ rafind2 -x fffefcf8f0e0c080 -x 0103070f1f3f7fff
Example output:
$ rafind2 -X -x fffefcf8f0e0c080 -x 0103070f1f3f7fff SAPCAR64
SAPCAR64: 000 @ 0x1082c1 offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x001082c1 0103 070f 1f3f 7fff fffe fcf8 f0e0 c080 .....?.......... 0x001082d1 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x001082e1 0000 0000 0000 0000 0000 0000 0000 0004 ................ 0x001082f1 0000 0004 0000 0010 0000 0000 0000 0006 ................ 0x00108301 0000 0008 0000 0010 0000 0000 0000 ..............
- Report Timeline
2015-01-20: Core Security sends an initial notification to SAP. Publication date set to Mar 10, 2015 (Patch Tuesday). 2015-01-21: SAP confirms reception and requests a draft version of the advisory. 2015-01-21: Core Security sends the draft version of the advisory to the vendor. 2015-01-21: SAP confirms reception of the report and assigns the following security message Number: 55318 2015. 2015-01-22: SAP asks if the two vulnerable functions mentioned in the draft are the only ones affected by these vulnerabilities. 2015-01-22: Core Security informs the vendor that researchers were only able to trigger the vulnerabilities in the functions mentioned in the draft advisory. In case they find other instances where the vulnerabilities can be triggered, Core requests to be informed. 2015-01-30: Core Security asks the vendor if they were able to verify the vulnerabilities in order to coordinate a proper release date. 2015-02-02: SAP states that they verified and confirmed the vulnerabilities, are working on a solution, and will provide an update once the solution plan is finished. 2015-02-04: SAP states that they will be able to provide a fix by May's Patch Tuesday, 2015, and not March as requested. They also request to know how the advisory is going to be published and if we have any plans to include them in any upcoming presentations. 2015-02-10: SAP requests confirmation of their previous email in order to coordinate the advisory for the May 12th, 2015. 2015-02-18: Core Security informs SAP that the date is confirmed and that researchers might present something after the publication of the advisory. 2015-02-19: SAP states that it is thankful for Core's commitment to go for a coordinated release. They say they will keep us updated. 2015-05-07: Core Security reminds SAP that the date for the proposed fix to be released is the following week, therefore we would like to resume communications in order to publish our findings in a coordinated manner. 2015-05-07: SAP informs that they are on track to release the security notes as part of their May patch day (May 12th, 2015). 2015-05-11: Core Security asks SAP for the specific time they are planning to publish their security note and requests a tentative link so it can be included in Core's advisory. Additionally, Core sends a tentative fix for the source code that it is planning to add in its advisory for SAP to review, and a list of vulnerable tools that used the vulnerable code so SAP can contact and inform the owners of the fix. 2015-05-12: SAP states that they published 4 security notes regarding the issues we reported. They requested for us to wait 3 months to publish our findings and to send them the advisory before is published. 2015-05-12: Core Security requests that SAP fixes the external ID (Core's ID) they used and offer Core's publication link. Additionally, Core explained that is their policy to release their findings the same day the vendor does. Core also reminded SAP that they were still waiting for a reply to their previous email. 2015-05-12: Advisory CORE-2015-0009 published.
- References
[1] http://en.wikipedia.org/wiki/LZ77_and_LZ78. [2] ftp://ftp.sap.com/pub/maxdb/current/7.6.00/. [3] http://conus.info/utils/SAP_pkt_decompr.txt. [4] https://github.com/sensepost/SAPProx. [5] https://github.com/sensepost/SapCap. [6] http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html. [7] https://github.com/CoreSecurity/pysap. [8] https://github.com/CoreSecurity/SAP-Dissection-plug-in-for-Wireshark. [9] https://github.com/daberlin/sap-reposrc-decompressor. [10] https://labs.mwrinfosecurity.com/tools/sap-decom/. [11] http://www.oxid.it/cain.html. [12] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html. [13] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html. [14] http://radare.org/y/. [15] https://service.sap.com/securitynotes.
- About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
- About Core Security
Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
- Disclaimer
The contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
- PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "7.5"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "7.6"
},
{
"model": "gui",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver java application server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver abap application server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "rfc library",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "*"
},
{
"model": "gui",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server java",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "\\u3000"
},
{
"model": "rfc library",
"scope": null,
"trust": 0.6,
"vendor": "sap",
"version": null
},
{
"model": "sapcar archive tool",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "rfc sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver application server java",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "maxdb database",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "gui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:maxdb:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_rfc_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:gui:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:rfc_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:maxdb:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Gallo of Core Security Consulting Services.",
"sources": [
{
"db": "BID",
"id": "74643"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-2278",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2278",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-482",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2278",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. Vendors have confirmed this vulnerability SAP Security Note 2124806 , 2121661 , 2127995 ,and 2125316 It is released as.Denial of service by attacker (out-of-bounds read) There is a possibility of being put into a state. Multiple SAP Products are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. \nRemote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. 1. Advisory Information\n\nTitle: SAP LZC/LZH Compression Multiple Vulnerabilities\nAdvisory ID: CORE-2015-0009\nAdvisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities\nDate published: 2015-05-12\nDate of last update: 2015-05-12\nVendors contacted: SAP\nRelease mode: Coordinated release\n\n2. Vulnerability Information\n\nClass: Out-of-bounds Write [CWE-787], Out-of-bounds Read [CWE-125]\nImpact: Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: Yes\nCVE Name: CVE-2015-2282, CVE-2015-2278\n\n\n3. Vulnerability Description\n\nSAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm [1] . These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions. \n\n\n4. Vulnerable Packages\n\nSAP Netweaver Application Server ABAP. \nSAP Netweaver Application Server Java. \nSAP Netweaver RFC SDK\nSAP RFC SDK\nSAP GUI\nSAP MaxDB database\nSAPCAR archive tool\nOther products and versions might be affected, but they were not tested. \n\n\n5. Vendor Information, Solutions and Workarounds\n\nSAP published the following Security Notes:\n\n2124806\n2121661\n2127995\n2125316\nThey can be accessed by SAP clients in their Support Portal [15]. \n\nDevelopers who used the Open Source versions of MaxDB 7.5 and 7.6 for their tools should contact SAP. \n\n\n6. Credits\n\nThis vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaqu\u00edn Rodr\u00edguez Varela from Core Advisories Team. \n\n\n\n7. Technical Description / Proof of Concept Code\n\nSAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation of this algorithm was also included in Open Source versions of MaxDB 7.5 and 7.6 [2], and used on multiple Open Source security-related programs [3][4][5][6][7][8][9][10][11]. \n\nThe code that handles the decompression of LZC and LZH compressed data is prone to two memory corruption vulnerabilities, as described below. \n\n7.1. LZC decompression stack-based buffer overflow\n\nThe vulnerability [CVE-2015-2282] is caused by an out-of-bounds write to a stack buffer used by the decompression routine to write the output characters. \n\nThe following snippet of code shows the vulnerable function [file vpa106cslzc.cpp in the MaxDB source code [12]]. This piece of code can be reached by decompressing a specially crafted buffer. \n\n \n[..]\nint CsObjectInt::CsDecomprLZC (SAP_BYTE * inbuf,\n SAP_INT inlen,\n SAP_BYTE * outbuf,\n SAP_INT outlen,\n SAP_INT option,\n SAP_INT * bytes_read,\n SAP_INT * bytes_written)\n [..]\n /* Generate output characters in reverse order ...................*/\n while (code \u003e= 256)\n {\n *stackp++ = TAB_SUFFIXOF(code);\n OVERFLOW_CHECK\n code = TAB_PREFIXOF(code);\n }\n[..]\nNote that the \"code\" variable contains an attacker controlled value, resulting in a stack overflow if the value is greater than 256 and the value for that code in the prefix table is also greater than 256. It\u0027s possible to fill in the stack with arbitrary values by controlling the values stored in the prefix and suffix tables. \n\nIt\u0027s also worth mentioning that the above code includes a macro for performing some bounds checks on the stack pointer (\"OVERFLOW_CHECK\"). However, the check implemented by this macro is not sufficient for avoiding this vulnerability and also could lead to fault conditions when decompressing valid buffers. Moreover, vulnerable products and programs were built without this macro enabled (\"CS_STACK_CHECK\" macro not defined at the time of compilation). \n\n7.2. LZH decompression out-of-bounds read\n\nThe vulnerability [CVE-2015-2278] is caused by an out-of-bounds read of a buffer used by the decompression routine when performing look-ups of non-simple codes. \n\nThe following piece of code shows the vulnerable function [file vpa108csulzh.cpp in the MaxDB source code [13]]. This piece of code can be reached by decompressing a specially crafted buffer. \n\n \n[..]\nint CsObjectInt::BuildHufTree (\n unsigned * b, /* code lengths in bits (all assumed \u003c= BMAX) */\n unsigned n, /* number of codes (assumed \u003c= N_MAX) */\n unsigned s, /* number of simple-valued codes (0..s-1) */\n int * d, /* list of base values for non-simple codes */\n int * e, /* list of extra bits for non-simple codes */\n HUFTREE **t, /* result: starting table */\n int * m) /* maximum lookup bits, returns actual */\n [..]\n if (p \u003e= v + n)\n {\n r.e = INVALIDCODE; /* out of values--invalid code */\n }\n else if (*p \u003c s)\n { /* 256 is end-of-block code */\n r.e = (unsigned char)(*p \u003c 256 ? LITCODE : EOBCODE);\n r.v.n = (unsigned short) *p; /* simple code is just the value*/\n p++;\n }\n else\n {\n r.e = (unsigned char) e[*p - s]; /*non-simple,look up in lists*/\n r.v.n = (unsigned short) d[*p - s];\n p++;\n }\n[..]\n \nThe \"e\" and \"d\" arrays are indexed with the value of \"*p - s\" which is an attacker-controlled value. When the code is reached, this results in an out-of-bounds read access. \n\n7.3. Attack scenarios\n\nThe vulnerabilities affect a varied range of products and programs. The attack scenarios differ based on the way each product makes use of the compression libraries. At very least the following scenarios can be identified:\n\n7.3.1. Attacks against server-side components\n\nSAP Netweaver services like Dispatcher or Gateway handle compressed requests coming from the different clients connecting to them. A remote unauthenticated attacker might be able to connect to the aforementioned services and trigger the vulnerabilities by sending specially crafted packets. \n\n7.3.2. Client-side attacks\n\nAn attacker might be able to perform client-side attacks against users of the affected programs that handle compressed data. For instance, an attacker might send a specially crafted .CAR or .SAR archive file aimed at being decompressed using the SAPCAR tool, or mount a rogue SAP server offering Dispatcher and entice users to connect to this malicious server using SAP GUI. \n\n7.3.3. Man-in-the-middle attacks\n\nAs most of the services affected by these issues are not encrypted by default, an attacker might be able to perform a man-in-the-middle attack and trigger the vulnerabilities by injecting malicious packets within the communication. \n\n7.4. Looking in binaries for compression routines\n\nThe LZC and LZH compression algorithm routines are statically compiled in the different binaries of the affected products and programs. It\u0027s possible to check if a binary includes these functions by looking at whether the algorithm\u0027s constants are used in the program. \n\nThe following Radare [14] command can be used to check if a binary file includes the mentioned constants:\n\n \n$ rafind2 -x fffefcf8f0e0c080 -x 0103070f1f3f7fff \u003cbinary_file\u003e\n \nExample output:\n\n \n$ rafind2 -X -x fffefcf8f0e0c080 -x 0103070f1f3f7fff SAPCAR64 \n\nSAPCAR64: 000 @ 0x1082c1\n offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF\n0x001082c1 0103 070f 1f3f 7fff fffe fcf8 f0e0 c080 .....?.......... \n0x001082d1 0000 0000 0000 0000 0000 0000 0000 0000 ................ \n0x001082e1 0000 0000 0000 0000 0000 0000 0000 0004 ................ \n0x001082f1 0000 0004 0000 0010 0000 0000 0000 0006 ................ \n0x00108301 0000 0008 0000 0010 0000 0000 0000 .............. \n \n\n\n8. Report Timeline\n\n2015-01-20: Core Security sends an initial notification to SAP. Publication date set to Mar 10, 2015 (Patch Tuesday). \n2015-01-21: SAP confirms reception and requests a draft version of the advisory. \n2015-01-21: Core Security sends the draft version of the advisory to the vendor. \n2015-01-21: SAP confirms reception of the report and assigns the following security message Number: 55318 2015. \n2015-01-22: SAP asks if the two vulnerable functions mentioned in the draft are the only ones affected by these vulnerabilities. \n2015-01-22: Core Security informs the vendor that researchers were only able to trigger the vulnerabilities in the functions mentioned in the draft advisory. In case they find other instances where the vulnerabilities can be triggered, Core requests to be informed. \n2015-01-30: Core Security asks the vendor if they were able to verify the vulnerabilities in order to coordinate a proper release date. \n2015-02-02: SAP states that they verified and confirmed the vulnerabilities, are working on a solution, and will provide an update once the solution plan is finished. \n2015-02-04: SAP states that they will be able to provide a fix by May\u0027s Patch Tuesday, 2015, and not March as requested. They also request to know how the advisory is going to be published and if we have any plans to include them in any upcoming presentations. \n2015-02-10: SAP requests confirmation of their previous email in order to coordinate the advisory for the May 12th, 2015. \n2015-02-18: Core Security informs SAP that the date is confirmed and that researchers might present something after the publication of the advisory. \n2015-02-19: SAP states that it is thankful for Core\u0027s commitment to go for a coordinated release. They say they will keep us updated. \n2015-05-07: Core Security reminds SAP that the date for the proposed fix to be released is the following week, therefore we would like to resume communications in order to publish our findings in a coordinated manner. \n2015-05-07: SAP informs that they are on track to release the security notes as part of their May patch day (May 12th, 2015). \n2015-05-11: Core Security asks SAP for the specific time they are planning to publish their security note and requests a tentative link so it can be included in Core\u0027s advisory. Additionally, Core sends a tentative fix for the source code that it is planning to add in its advisory for SAP to review, and a list of vulnerable tools that used the vulnerable code so SAP can contact and inform the owners of the fix. \n2015-05-12: SAP states that they published 4 security notes regarding the issues we reported. They requested for us to wait 3 months to publish our findings and to send them the advisory before is published. \n2015-05-12: Core Security requests that SAP fixes the external ID (Core\u0027s ID) they used and offer Core\u0027s publication link. Additionally, Core explained that is their policy to release their findings the same day the vendor does. Core also reminded SAP that they were still waiting for a reply to their previous email. \n2015-05-12: Advisory CORE-2015-0009 published. \n\n\n9. References\n\n[1] http://en.wikipedia.org/wiki/LZ77_and_LZ78. \n[2] ftp://ftp.sap.com/pub/maxdb/current/7.6.00/. \n[3] http://conus.info/utils/SAP_pkt_decompr.txt. \n[4] https://github.com/sensepost/SAPProx. \n[5] https://github.com/sensepost/SapCap. \n[6] http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html. \n[7] https://github.com/CoreSecurity/pysap. \n[8] https://github.com/CoreSecurity/SAP-Dissection-plug-in-for-Wireshark. \n[9] https://github.com/daberlin/sap-reposrc-decompressor. \n[10] https://labs.mwrinfosecurity.com/tools/sap-decom/. \n[11] http://www.oxid.it/cain.html. \n[12] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html. \n[13] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html. \n[14] http://radare.org/y/. \n[15] https://service.sap.com/securitynotes. \n\n\n10. About CoreLabs\n\nCoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. \n\n\n11. About Core Security\n\nCore Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted research and leading-edge threat expertise from the company\u0027s Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. \n\n\n12. Disclaimer\n\nThe contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n13. PGP/GPG Keys\n\nThis advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "PACKETSTORM",
"id": "131883"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2278",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "131883",
"trust": 1.8
},
{
"db": "BID",
"id": "74643",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "64440",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-2278",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"id": "VAR-201506-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.167840075
},
"last_update_date": "2023-12-18T13:24:46.085000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 2124806/2121661/2127995/2125316",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-55451"
},
{
"title": "martingalloar",
"trust": 0.1,
"url": "https://github.com/martingalloar/martingalloar "
},
{
"title": "publications",
"trust": 0.1,
"url": "https://github.com/martingalloar/publications "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/05/14/saps_compression_is_buggy_and_insecure/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/remotely-exploitable-vulnerabilities-in-sap-compression-algorithms/112808/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/131883/sap-lzc-lzh-compression-denial-of-service.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/may/50"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/may/96"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/74643"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2278"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2278"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/535535/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/64440"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/remotely-exploitable-vulnerabilities-in-sap-compression-algorithms/112808/"
},
{
"trust": 0.1,
"url": "http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://github.com/sensepost/sapcap."
},
{
"trust": 0.1,
"url": "https://github.com/coresecurity/sap-dissection-plug-in-for-wireshark."
},
{
"trust": 0.1,
"url": "https://github.com/sensepost/sapprox."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
},
{
"trust": 0.1,
"url": "http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html."
},
{
"trust": 0.1,
"url": "https://service.sap.com/securitynotes."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "https://github.com/coresecurity/pysap."
},
{
"trust": 0.1,
"url": "http://conus.info/utils/sap_pkt_decompr.txt."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2282"
},
{
"trust": 0.1,
"url": "http://www.oxid.it/cain.html."
},
{
"trust": 0.1,
"url": "https://labs.mwrinfosecurity.com/tools/sap-decom/."
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://github.com/daberlin/sap-reposrc-decompressor."
},
{
"trust": 0.1,
"url": "http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html."
},
{
"trust": 0.1,
"url": "http://radare.org/y/."
},
{
"trust": 0.1,
"url": "http://en.wikipedia.org/wiki/lz77_and_lz78."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2278"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"date": "2015-05-13T00:00:00",
"db": "BID",
"id": "74643"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"date": "2015-05-13T17:48:36",
"db": "PACKETSTORM",
"id": "131883"
},
{
"date": "2015-06-02T14:59:07.537000",
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"date": "2015-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2278"
},
{
"date": "2015-05-13T00:00:00",
"db": "BID",
"id": "74643"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002925"
},
{
"date": "2018-10-09T19:56:11.780000",
"db": "NVD",
"id": "CVE-2015-2278"
},
{
"date": "2015-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SAP Product LZH Service disruption in decompression implementation (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002925"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-482"
}
],
"trust": 0.6
}
}
VAR-201506-0132
Vulnerability from variot - Updated: 2023-12-18 13:24Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. plural SAP Product LZC Implementation of decompression (vpa106cslzc.cpp of CsObjectInt::CsDecomprLZC function ) Contains a stack-based buffer overflow vulnerability. Vendors have confirmed this vulnerability SAP Security Note 2124806 , 2121661 , 2127995 ,and 2125316 It is released as.Denial of service by attacker ( crash ) Could be put into a state or execute arbitrary code. Multiple SAP Products are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. 1. Advisory Information
Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last update: 2015-05-12 Vendors contacted: SAP Release mode: Coordinated release
- Vulnerability Information
Class: Out-of-bounds Write [CWE-787], Out-of-bounds Read [CWE-125] Impact: Denial of service Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2015-2282, CVE-2015-2278
- Vulnerability Description
SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm [1] . These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
- Vulnerable Packages
SAP Netweaver Application Server ABAP. SAP Netweaver Application Server Java. SAP Netweaver RFC SDK SAP RFC SDK SAP GUI SAP MaxDB database SAPCAR archive tool Other products and versions might be affected, but they were not tested.
- Vendor Information, Solutions and Workarounds
SAP published the following Security Notes:
2124806 2121661 2127995 2125316 They can be accessed by SAP clients in their Support Portal [15].
Developers who used the Open Source versions of MaxDB 7.5 and 7.6 for their tools should contact SAP.
- Credits
This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team.
- Technical Description / Proof of Concept Code
SAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation of this algorithm was also included in Open Source versions of MaxDB 7.5 and 7.6 [2], and used on multiple Open Source security-related programs [3][4][5][6][7][8][9][10][11].
The code that handles the decompression of LZC and LZH compressed data is prone to two memory corruption vulnerabilities, as described below.
7.1.
The following snippet of code shows the vulnerable function [file vpa106cslzc.cpp in the MaxDB source code [12]]. This piece of code can be reached by decompressing a specially crafted buffer.
[..] int CsObjectInt::CsDecomprLZC (SAP_BYTE * inbuf, SAP_INT inlen, SAP_BYTE * outbuf, SAP_INT outlen, SAP_INT option, SAP_INT * bytes_read, SAP_INT * bytes_written) [..] / Generate output characters in reverse order .................../ while (code >= 256) { *stackp++ = TAB_SUFFIXOF(code); OVERFLOW_CHECK code = TAB_PREFIXOF(code); } [..] Note that the "code" variable contains an attacker controlled value, resulting in a stack overflow if the value is greater than 256 and the value for that code in the prefix table is also greater than 256. It's possible to fill in the stack with arbitrary values by controlling the values stored in the prefix and suffix tables.
It's also worth mentioning that the above code includes a macro for performing some bounds checks on the stack pointer ("OVERFLOW_CHECK"). However, the check implemented by this macro is not sufficient for avoiding this vulnerability and also could lead to fault conditions when decompressing valid buffers. Moreover, vulnerable products and programs were built without this macro enabled ("CS_STACK_CHECK" macro not defined at the time of compilation).
7.2. LZH decompression out-of-bounds read
The vulnerability [CVE-2015-2278] is caused by an out-of-bounds read of a buffer used by the decompression routine when performing look-ups of non-simple codes.
The following piece of code shows the vulnerable function [file vpa108csulzh.cpp in the MaxDB source code [13]]. This piece of code can be reached by decompressing a specially crafted buffer.
[..] int CsObjectInt::BuildHufTree ( unsigned * b, / code lengths in bits (all assumed <= BMAX) / unsigned n, / number of codes (assumed <= N_MAX) / unsigned s, / number of simple-valued codes (0..s-1) / int * d, / list of base values for non-simple codes / int * e, / list of extra bits for non-simple codes / HUFTREE t, / result: starting table / int * m) / maximum lookup bits, returns actual / [..] if (p >= v + n) { r.e = INVALIDCODE; / out of values--invalid code / } else if (p < s) { / 256 is end-of-block code / r.e = (unsigned char)(p < 256 ? LITCODE : EOBCODE); r.v.n = (unsigned short) p; / simple code is just the value/ p++; } else { r.e = (unsigned char) e[p - s]; /non-simple,look up in lists/ r.v.n = (unsigned short) d[*p - s]; p++; } [..]
The "e" and "d" arrays are indexed with the value of "*p - s" which is an attacker-controlled value. When the code is reached, this results in an out-of-bounds read access.
7.3. Attack scenarios
The vulnerabilities affect a varied range of products and programs. The attack scenarios differ based on the way each product makes use of the compression libraries. At very least the following scenarios can be identified:
7.3.1. Attacks against server-side components
SAP Netweaver services like Dispatcher or Gateway handle compressed requests coming from the different clients connecting to them. A remote unauthenticated attacker might be able to connect to the aforementioned services and trigger the vulnerabilities by sending specially crafted packets.
7.3.2. Client-side attacks
An attacker might be able to perform client-side attacks against users of the affected programs that handle compressed data. For instance, an attacker might send a specially crafted .CAR or .SAR archive file aimed at being decompressed using the SAPCAR tool, or mount a rogue SAP server offering Dispatcher and entice users to connect to this malicious server using SAP GUI.
7.3.3. Man-in-the-middle attacks
As most of the services affected by these issues are not encrypted by default, an attacker might be able to perform a man-in-the-middle attack and trigger the vulnerabilities by injecting malicious packets within the communication.
7.4. Looking in binaries for compression routines
The LZC and LZH compression algorithm routines are statically compiled in the different binaries of the affected products and programs. It's possible to check if a binary includes these functions by looking at whether the algorithm's constants are used in the program.
The following Radare [14] command can be used to check if a binary file includes the mentioned constants:
$ rafind2 -x fffefcf8f0e0c080 -x 0103070f1f3f7fff
Example output:
$ rafind2 -X -x fffefcf8f0e0c080 -x 0103070f1f3f7fff SAPCAR64
SAPCAR64: 000 @ 0x1082c1 offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0x001082c1 0103 070f 1f3f 7fff fffe fcf8 f0e0 c080 .....?.......... 0x001082d1 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x001082e1 0000 0000 0000 0000 0000 0000 0000 0004 ................ 0x001082f1 0000 0004 0000 0010 0000 0000 0000 0006 ................ 0x00108301 0000 0008 0000 0010 0000 0000 0000 ..............
- Report Timeline
2015-01-20: Core Security sends an initial notification to SAP. Publication date set to Mar 10, 2015 (Patch Tuesday). 2015-01-21: SAP confirms reception and requests a draft version of the advisory. 2015-01-21: Core Security sends the draft version of the advisory to the vendor. 2015-01-21: SAP confirms reception of the report and assigns the following security message Number: 55318 2015. 2015-01-22: SAP asks if the two vulnerable functions mentioned in the draft are the only ones affected by these vulnerabilities. 2015-01-22: Core Security informs the vendor that researchers were only able to trigger the vulnerabilities in the functions mentioned in the draft advisory. In case they find other instances where the vulnerabilities can be triggered, Core requests to be informed. 2015-01-30: Core Security asks the vendor if they were able to verify the vulnerabilities in order to coordinate a proper release date. 2015-02-02: SAP states that they verified and confirmed the vulnerabilities, are working on a solution, and will provide an update once the solution plan is finished. 2015-02-04: SAP states that they will be able to provide a fix by May's Patch Tuesday, 2015, and not March as requested. They also request to know how the advisory is going to be published and if we have any plans to include them in any upcoming presentations. 2015-02-10: SAP requests confirmation of their previous email in order to coordinate the advisory for the May 12th, 2015. 2015-02-18: Core Security informs SAP that the date is confirmed and that researchers might present something after the publication of the advisory. 2015-02-19: SAP states that it is thankful for Core's commitment to go for a coordinated release. They say they will keep us updated. 2015-05-07: Core Security reminds SAP that the date for the proposed fix to be released is the following week, therefore we would like to resume communications in order to publish our findings in a coordinated manner. 2015-05-07: SAP informs that they are on track to release the security notes as part of their May patch day (May 12th, 2015). 2015-05-11: Core Security asks SAP for the specific time they are planning to publish their security note and requests a tentative link so it can be included in Core's advisory. Additionally, Core sends a tentative fix for the source code that it is planning to add in its advisory for SAP to review, and a list of vulnerable tools that used the vulnerable code so SAP can contact and inform the owners of the fix. 2015-05-12: SAP states that they published 4 security notes regarding the issues we reported. They requested for us to wait 3 months to publish our findings and to send them the advisory before is published. 2015-05-12: Core Security requests that SAP fixes the external ID (Core's ID) they used and offer Core's publication link. Additionally, Core explained that is their policy to release their findings the same day the vendor does. Core also reminded SAP that they were still waiting for a reply to their previous email. 2015-05-12: Advisory CORE-2015-0009 published.
- References
[1] http://en.wikipedia.org/wiki/LZ77_and_LZ78. [2] ftp://ftp.sap.com/pub/maxdb/current/7.6.00/. [3] http://conus.info/utils/SAP_pkt_decompr.txt. [4] https://github.com/sensepost/SAPProx. [5] https://github.com/sensepost/SapCap. [6] http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html. [7] https://github.com/CoreSecurity/pysap. [8] https://github.com/CoreSecurity/SAP-Dissection-plug-in-for-Wireshark. [9] https://github.com/daberlin/sap-reposrc-decompressor. [10] https://labs.mwrinfosecurity.com/tools/sap-decom/. [11] http://www.oxid.it/cain.html. [12] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html. [13] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html. [14] http://radare.org/y/. [15] https://service.sap.com/securitynotes.
- About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
- About Core Security
Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
- Disclaimer
The contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
- PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "7.5"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "7.6"
},
{
"model": "gui",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver java application server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver abap application server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "rfc library",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "*"
},
{
"model": "gui",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server java",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "\\u3000"
},
{
"model": "rfc library",
"scope": null,
"trust": 0.6,
"vendor": "sap",
"version": null
},
{
"model": "sapcar archive tool",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "rfc sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver rfc sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver application server java",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "maxdb database",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "gui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:maxdb:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:gui:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:rfc_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:maxdb:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_rfc_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2282"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Gallo of Core Security Consulting Services.",
"sources": [
{
"db": "BID",
"id": "74643"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2282",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2282",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-483",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-2282",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. plural SAP Product LZC Implementation of decompression (vpa106cslzc.cpp of CsObjectInt::CsDecomprLZC function ) Contains a stack-based buffer overflow vulnerability. Vendors have confirmed this vulnerability SAP Security Note 2124806 , 2121661 , 2127995 ,and 2125316 It is released as.Denial of service by attacker ( crash ) Could be put into a state or execute arbitrary code. Multiple SAP Products are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. \nRemote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. 1. Advisory Information\n\nTitle: SAP LZC/LZH Compression Multiple Vulnerabilities\nAdvisory ID: CORE-2015-0009\nAdvisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities\nDate published: 2015-05-12\nDate of last update: 2015-05-12\nVendors contacted: SAP\nRelease mode: Coordinated release\n\n2. Vulnerability Information\n\nClass: Out-of-bounds Write [CWE-787], Out-of-bounds Read [CWE-125]\nImpact: Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: Yes\nCVE Name: CVE-2015-2282, CVE-2015-2278\n\n\n3. Vulnerability Description\n\nSAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm [1] . These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions. \n\n\n4. Vulnerable Packages\n\nSAP Netweaver Application Server ABAP. \nSAP Netweaver Application Server Java. \nSAP Netweaver RFC SDK\nSAP RFC SDK\nSAP GUI\nSAP MaxDB database\nSAPCAR archive tool\nOther products and versions might be affected, but they were not tested. \n\n\n5. Vendor Information, Solutions and Workarounds\n\nSAP published the following Security Notes:\n\n2124806\n2121661\n2127995\n2125316\nThey can be accessed by SAP clients in their Support Portal [15]. \n\nDevelopers who used the Open Source versions of MaxDB 7.5 and 7.6 for their tools should contact SAP. \n\n\n6. Credits\n\nThis vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaqu\u00edn Rodr\u00edguez Varela from Core Advisories Team. \n\n\n\n7. Technical Description / Proof of Concept Code\n\nSAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation of this algorithm was also included in Open Source versions of MaxDB 7.5 and 7.6 [2], and used on multiple Open Source security-related programs [3][4][5][6][7][8][9][10][11]. \n\nThe code that handles the decompression of LZC and LZH compressed data is prone to two memory corruption vulnerabilities, as described below. \n\n7.1. \n\nThe following snippet of code shows the vulnerable function [file vpa106cslzc.cpp in the MaxDB source code [12]]. This piece of code can be reached by decompressing a specially crafted buffer. \n\n \n[..]\nint CsObjectInt::CsDecomprLZC (SAP_BYTE * inbuf,\n SAP_INT inlen,\n SAP_BYTE * outbuf,\n SAP_INT outlen,\n SAP_INT option,\n SAP_INT * bytes_read,\n SAP_INT * bytes_written)\n [..]\n /* Generate output characters in reverse order ...................*/\n while (code \u003e= 256)\n {\n *stackp++ = TAB_SUFFIXOF(code);\n OVERFLOW_CHECK\n code = TAB_PREFIXOF(code);\n }\n[..]\nNote that the \"code\" variable contains an attacker controlled value, resulting in a stack overflow if the value is greater than 256 and the value for that code in the prefix table is also greater than 256. It\u0027s possible to fill in the stack with arbitrary values by controlling the values stored in the prefix and suffix tables. \n\nIt\u0027s also worth mentioning that the above code includes a macro for performing some bounds checks on the stack pointer (\"OVERFLOW_CHECK\"). However, the check implemented by this macro is not sufficient for avoiding this vulnerability and also could lead to fault conditions when decompressing valid buffers. Moreover, vulnerable products and programs were built without this macro enabled (\"CS_STACK_CHECK\" macro not defined at the time of compilation). \n\n7.2. LZH decompression out-of-bounds read\n\nThe vulnerability [CVE-2015-2278] is caused by an out-of-bounds read of a buffer used by the decompression routine when performing look-ups of non-simple codes. \n\nThe following piece of code shows the vulnerable function [file vpa108csulzh.cpp in the MaxDB source code [13]]. This piece of code can be reached by decompressing a specially crafted buffer. \n\n \n[..]\nint CsObjectInt::BuildHufTree (\n unsigned * b, /* code lengths in bits (all assumed \u003c= BMAX) */\n unsigned n, /* number of codes (assumed \u003c= N_MAX) */\n unsigned s, /* number of simple-valued codes (0..s-1) */\n int * d, /* list of base values for non-simple codes */\n int * e, /* list of extra bits for non-simple codes */\n HUFTREE **t, /* result: starting table */\n int * m) /* maximum lookup bits, returns actual */\n [..]\n if (p \u003e= v + n)\n {\n r.e = INVALIDCODE; /* out of values--invalid code */\n }\n else if (*p \u003c s)\n { /* 256 is end-of-block code */\n r.e = (unsigned char)(*p \u003c 256 ? LITCODE : EOBCODE);\n r.v.n = (unsigned short) *p; /* simple code is just the value*/\n p++;\n }\n else\n {\n r.e = (unsigned char) e[*p - s]; /*non-simple,look up in lists*/\n r.v.n = (unsigned short) d[*p - s];\n p++;\n }\n[..]\n \nThe \"e\" and \"d\" arrays are indexed with the value of \"*p - s\" which is an attacker-controlled value. When the code is reached, this results in an out-of-bounds read access. \n\n7.3. Attack scenarios\n\nThe vulnerabilities affect a varied range of products and programs. The attack scenarios differ based on the way each product makes use of the compression libraries. At very least the following scenarios can be identified:\n\n7.3.1. Attacks against server-side components\n\nSAP Netweaver services like Dispatcher or Gateway handle compressed requests coming from the different clients connecting to them. A remote unauthenticated attacker might be able to connect to the aforementioned services and trigger the vulnerabilities by sending specially crafted packets. \n\n7.3.2. Client-side attacks\n\nAn attacker might be able to perform client-side attacks against users of the affected programs that handle compressed data. For instance, an attacker might send a specially crafted .CAR or .SAR archive file aimed at being decompressed using the SAPCAR tool, or mount a rogue SAP server offering Dispatcher and entice users to connect to this malicious server using SAP GUI. \n\n7.3.3. Man-in-the-middle attacks\n\nAs most of the services affected by these issues are not encrypted by default, an attacker might be able to perform a man-in-the-middle attack and trigger the vulnerabilities by injecting malicious packets within the communication. \n\n7.4. Looking in binaries for compression routines\n\nThe LZC and LZH compression algorithm routines are statically compiled in the different binaries of the affected products and programs. It\u0027s possible to check if a binary includes these functions by looking at whether the algorithm\u0027s constants are used in the program. \n\nThe following Radare [14] command can be used to check if a binary file includes the mentioned constants:\n\n \n$ rafind2 -x fffefcf8f0e0c080 -x 0103070f1f3f7fff \u003cbinary_file\u003e\n \nExample output:\n\n \n$ rafind2 -X -x fffefcf8f0e0c080 -x 0103070f1f3f7fff SAPCAR64 \n\nSAPCAR64: 000 @ 0x1082c1\n offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF\n0x001082c1 0103 070f 1f3f 7fff fffe fcf8 f0e0 c080 .....?.......... \n0x001082d1 0000 0000 0000 0000 0000 0000 0000 0000 ................ \n0x001082e1 0000 0000 0000 0000 0000 0000 0000 0004 ................ \n0x001082f1 0000 0004 0000 0010 0000 0000 0000 0006 ................ \n0x00108301 0000 0008 0000 0010 0000 0000 0000 .............. \n \n\n\n8. Report Timeline\n\n2015-01-20: Core Security sends an initial notification to SAP. Publication date set to Mar 10, 2015 (Patch Tuesday). \n2015-01-21: SAP confirms reception and requests a draft version of the advisory. \n2015-01-21: Core Security sends the draft version of the advisory to the vendor. \n2015-01-21: SAP confirms reception of the report and assigns the following security message Number: 55318 2015. \n2015-01-22: SAP asks if the two vulnerable functions mentioned in the draft are the only ones affected by these vulnerabilities. \n2015-01-22: Core Security informs the vendor that researchers were only able to trigger the vulnerabilities in the functions mentioned in the draft advisory. In case they find other instances where the vulnerabilities can be triggered, Core requests to be informed. \n2015-01-30: Core Security asks the vendor if they were able to verify the vulnerabilities in order to coordinate a proper release date. \n2015-02-02: SAP states that they verified and confirmed the vulnerabilities, are working on a solution, and will provide an update once the solution plan is finished. \n2015-02-04: SAP states that they will be able to provide a fix by May\u0027s Patch Tuesday, 2015, and not March as requested. They also request to know how the advisory is going to be published and if we have any plans to include them in any upcoming presentations. \n2015-02-10: SAP requests confirmation of their previous email in order to coordinate the advisory for the May 12th, 2015. \n2015-02-18: Core Security informs SAP that the date is confirmed and that researchers might present something after the publication of the advisory. \n2015-02-19: SAP states that it is thankful for Core\u0027s commitment to go for a coordinated release. They say they will keep us updated. \n2015-05-07: Core Security reminds SAP that the date for the proposed fix to be released is the following week, therefore we would like to resume communications in order to publish our findings in a coordinated manner. \n2015-05-07: SAP informs that they are on track to release the security notes as part of their May patch day (May 12th, 2015). \n2015-05-11: Core Security asks SAP for the specific time they are planning to publish their security note and requests a tentative link so it can be included in Core\u0027s advisory. Additionally, Core sends a tentative fix for the source code that it is planning to add in its advisory for SAP to review, and a list of vulnerable tools that used the vulnerable code so SAP can contact and inform the owners of the fix. \n2015-05-12: SAP states that they published 4 security notes regarding the issues we reported. They requested for us to wait 3 months to publish our findings and to send them the advisory before is published. \n2015-05-12: Core Security requests that SAP fixes the external ID (Core\u0027s ID) they used and offer Core\u0027s publication link. Additionally, Core explained that is their policy to release their findings the same day the vendor does. Core also reminded SAP that they were still waiting for a reply to their previous email. \n2015-05-12: Advisory CORE-2015-0009 published. \n\n\n9. References\n\n[1] http://en.wikipedia.org/wiki/LZ77_and_LZ78. \n[2] ftp://ftp.sap.com/pub/maxdb/current/7.6.00/. \n[3] http://conus.info/utils/SAP_pkt_decompr.txt. \n[4] https://github.com/sensepost/SAPProx. \n[5] https://github.com/sensepost/SapCap. \n[6] http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html. \n[7] https://github.com/CoreSecurity/pysap. \n[8] https://github.com/CoreSecurity/SAP-Dissection-plug-in-for-Wireshark. \n[9] https://github.com/daberlin/sap-reposrc-decompressor. \n[10] https://labs.mwrinfosecurity.com/tools/sap-decom/. \n[11] http://www.oxid.it/cain.html. \n[12] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html. \n[13] http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html. \n[14] http://radare.org/y/. \n[15] https://service.sap.com/securitynotes. \n\n\n10. About CoreLabs\n\nCoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. \n\n\n11. About Core Security\n\nCore Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted research and leading-edge threat expertise from the company\u0027s Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. \n\n\n12. Disclaimer\n\nThe contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n13. PGP/GPG Keys\n\nThis advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "PACKETSTORM",
"id": "131883"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2282",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "131883",
"trust": 1.8
},
{
"db": "BID",
"id": "74643",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "64440",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-2282",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"id": "VAR-201506-0132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.167840075
},
"last_update_date": "2023-12-18T13:24:46.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 2124806/2121661/2127995/2125316",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-55451"
},
{
"title": "martingalloar",
"trust": 0.1,
"url": "https://github.com/martingalloar/martingalloar "
},
{
"title": "publications",
"trust": 0.1,
"url": "https://github.com/martingalloar/publications "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/05/14/saps_compression_is_buggy_and_insecure/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/remotely-exploitable-vulnerabilities-in-sap-compression-algorithms/112808/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/131883/sap-lzc-lzh-compression-denial-of-service.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/may/50"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/may/96"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/74643"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2282"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2282"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/535535/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/64440"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/remotely-exploitable-vulnerabilities-in-sap-compression-algorithms/112808/"
},
{
"trust": 0.1,
"url": "http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa108csulzh_8cpp-source.html."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://github.com/sensepost/sapcap."
},
{
"trust": 0.1,
"url": "https://github.com/coresecurity/sap-dissection-plug-in-for-wireshark."
},
{
"trust": 0.1,
"url": "https://github.com/sensepost/sapprox."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
},
{
"trust": 0.1,
"url": "http://maxdb-7.5.00.sourcearchive.com/documentation/7.5.00.44-2/vpa106cslzc_8cpp-source.html."
},
{
"trust": 0.1,
"url": "https://service.sap.com/securitynotes."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "https://github.com/coresecurity/pysap."
},
{
"trust": 0.1,
"url": "http://conus.info/utils/sap_pkt_decompr.txt."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2282"
},
{
"trust": 0.1,
"url": "http://www.oxid.it/cain.html."
},
{
"trust": 0.1,
"url": "https://labs.mwrinfosecurity.com/tools/sap-decom/."
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://github.com/daberlin/sap-reposrc-decompressor."
},
{
"trust": 0.1,
"url": "http://blog.ptsecurity.com/2011/10/sap-diag-decompress-plugin-for.html."
},
{
"trust": 0.1,
"url": "http://radare.org/y/."
},
{
"trust": 0.1,
"url": "http://en.wikipedia.org/wiki/lz77_and_lz78."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2278"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"db": "BID",
"id": "74643"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"db": "PACKETSTORM",
"id": "131883"
},
{
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"date": "2015-05-13T00:00:00",
"db": "BID",
"id": "74643"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"date": "2015-05-13T17:48:36",
"db": "PACKETSTORM",
"id": "131883"
},
{
"date": "2015-06-02T14:59:08.880000",
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"date": "2015-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2282"
},
{
"date": "2015-05-13T00:00:00",
"db": "BID",
"id": "74643"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002923"
},
{
"date": "2018-10-09T19:56:14.093000",
"db": "NVD",
"id": "CVE-2015-2282"
},
{
"date": "2015-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SAP Product LZC Stack-based buffer overflow vulnerability in the decompression implementation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002923"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-483"
}
],
"trust": 0.6
}
}
VAR-201404-0530
Vulnerability from variot - Updated: 2023-12-18 12:21The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. SAP BASIS is prone to a security bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and to gain unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver abap application server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.20"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.10"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.03"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.02"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.01"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "67304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3130"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jordan Santarsieri",
"sources": [
{
"db": "BID",
"id": "67108"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3130",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3130",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3130",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-608",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. SAP BASIS is prone to a security bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and to gain unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3130",
"trust": 3.0
},
{
"db": "BID",
"id": "67108",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20140428 [ONAPSIS SECURITY ADVISORY 2014-009] SAP BASIS MISSING AUTHORIZATION CHECK",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608",
"trust": 0.6
},
{
"db": "BID",
"id": "67304",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"id": "VAR-201404-0530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T12:21:21.975000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 1910914",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-8218"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2014/apr/302"
},
{
"trust": 1.6,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"trust": 1.6,
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009"
},
{
"trust": 1.6,
"url": "https://service.sap.com/sap/support/notes/1910914"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/67108"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3130"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3130"
},
{
"trust": 0.3,
"url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-009"
},
{
"trust": 0.3,
"url": "http://scn.sap.com/community/netweaver-portal"
}
],
"sources": [
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67108"
},
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67304"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"date": "2014-04-30T14:22:07.250000",
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T20:01:00",
"db": "BID",
"id": "67108"
},
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67304"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002335"
},
{
"date": "2014-05-10T04:06:31.937000",
"db": "NVD",
"id": "CVE-2014-3130"
},
{
"date": "2014-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-608"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Netweaver ABAP Application Server of Basis of ABAP Help Vulnerability gained in documentation and translation tools",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002335"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67108"
},
{
"db": "BID",
"id": "67304"
}
],
"trust": 0.6
}
}
VAR-202006-1349
Vulnerability from variot - Updated: 2022-05-11 23:33SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. SAP NetWeaver AS ABAP (Banking Services) Exists in a vulnerability related to lack of authentication.Information may be obtained and tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "711"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "75a"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "75b"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "75e"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "710"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "75c"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "75d"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "710"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "711"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "75a"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "75b"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "75c"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "75d"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "75e"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:75a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:75b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:75c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:75d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:75e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:711:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"cve": "CVE-2020-6270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-6270",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006625",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-6270",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006625",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6270",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006625",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-624",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-6270",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. SAP NetWeaver AS ABAP (Banking Services) Exists in a vulnerability related to lack of authentication.Information may be obtained and tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "VULMON",
"id": "CVE-2020-6270"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6270",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-6270",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"id": "VAR-202006-1349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-11T23:33:11.189000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Patch Day - June 2020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
},
{
"title": "SAP Netweaver AS ABAP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121403"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/2916562"
},
{
"trust": 1.7,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6270"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6270"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2020-32470"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"date": "2020-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"date": "2020-06-10T13:15:00",
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6270"
},
{
"date": "2020-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006625"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-624"
},
{
"date": "2020-06-16T14:41:00",
"db": "NVD",
"id": "CVE-2020-6270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP Vulnerability regarding lack of authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-624"
}
],
"trust": 0.6
}
}
VAR-202011-0412
Vulnerability from variot - Updated: 2022-05-04 09:46SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP Contains an information disclosure vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "782"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "782"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "752"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:782:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"cve": "CVE-2020-26818",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-26818",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-26818",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-26818",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26818",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-732",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP Contains an information disclosure vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26818"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26818",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013123",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"id": "VAR-202011-0412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-04T09:46:12.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP\u00a0Security\u00a0Patch\u00a0Day\u00a0-\u00a0November\u00a02020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571"
},
{
"title": "SAP NetWeaver AS ABAP Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134559"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571"
},
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/2971954"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26818"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-november-2020-33867"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"date": "2020-11-10T17:15:00",
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2020-013123"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-732"
},
{
"date": "2021-07-21T11:39:00",
"db": "NVD",
"id": "CVE-2020-26818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0NetWeaver\u00a0AS\u00a0ABAP\u00a0 Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-732"
}
],
"trust": 0.6
}
}
VAR-202007-1107
Vulnerability from variot - Updated: 2022-05-04 09:28SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. SAP NetWeaver (ABAP Server) and ABAP Platform There is an information leakage vulnerability in.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1107",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "abap platform",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.31"
},
{
"model": "abap platform",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.40"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "abap platform",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.50"
},
{
"model": "abap platform",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "731"
},
{
"model": "abap platform",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "abap platform",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:abap_platform:7.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:abap_platform:7.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:abap_platform:7.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"cve": "CVE-2020-6280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-6280",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007640",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2020-6280",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-007640",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6280",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "JVNDB-2020-007640",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-788",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. SAP NetWeaver (ABAP Server) and ABAP Platform There is an information leakage vulnerability in.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6280"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6280",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007640",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"id": "VAR-202007-1107",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-04T09:28:03.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Patch Day - July 2020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552599675"
},
{
"title": "SAP NetWeaver AS ABAP and ABAP Platform Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124653"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552599675"
},
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/2927373"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6280"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6280"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-july-2020-32835"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"date": "2020-07-14T13:15:00",
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007640"
},
{
"date": "2020-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-788"
},
{
"date": "2021-07-21T11:39:00",
"db": "NVD",
"id": "CVE-2020-6280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver and ABAP Platform Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007640"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-788"
}
],
"trust": 0.6
}
}
VAR-202011-0413
Vulnerability from variot - Updated: 2022-05-04 09:15SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0413",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "782"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "755"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "782"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "752"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:782:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"cve": "CVE-2020-26819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-26819",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-26819",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-26819",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26819",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-735",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26819",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013124",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"id": "VAR-202011-0413",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-04T09:15:41.487000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP\u00a0Security\u00a0Patch\u00a0Day\u00a0-\u00a0November\u00a02020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571"
},
{
"title": "SAP NetWeaver AS ABAP Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134560"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571"
},
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/2971954"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26819"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-november-2020-33867"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"date": "2020-11-10T17:15:00",
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2020-013124"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-735"
},
{
"date": "2021-07-21T11:39:00",
"db": "NVD",
"id": "CVE-2020-26819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0NetWeaver\u00a0AS\u00a0ABAP\u00a0 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013124"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-735"
}
],
"trust": 0.6
}
}
VAR-202005-1003
Vulnerability from variot - Updated: 2022-05-04 09:09SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service. SAP NetWeaver AS ABAP (Web Dynpro ABAP) There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "700"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "710"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "730"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "804"
},
{
"model": "netweaver application server abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:730:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:804:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"cve": "CVE-2020-6240",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6240",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005330",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6240",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005330",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6240",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005330",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-510",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-6240",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service. SAP NetWeaver AS ABAP (Web Dynpro ABAP) There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "VULMON",
"id": "CVE-2020-6240"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6240",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47665",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-6240",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"id": "VAR-202005-1003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-04T09:09:06.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Patch Day - May 2020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=545396222"
},
{
"title": "SAP NetWeaver AS ABAP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118821"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/2856923"
},
{
"trust": 1.7,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=545396222"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6240"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6240"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47665"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-may-2020-32236"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181812"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"date": "2020-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"date": "2020-05-12T18:15:00",
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6240"
},
{
"date": "2020-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005330"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-510"
},
{
"date": "2021-07-21T11:39:00",
"db": "NVD",
"id": "CVE-2020-6240"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005330"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-510"
}
],
"trust": 0.6
}
}
VAR-202006-1351
Vulnerability from variot - Updated: 2022-05-04 09:09SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP Contains a server-side request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "700"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "711"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "730"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "702"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "754"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "710"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "701"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "700"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "701"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "702"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "710"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "711"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "730"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "731"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "740"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "750"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "751"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "752"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "753"
},
{
"model": "netweaver application server abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "754"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:701:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:702:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:711:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:730:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"cve": "CVE-2020-6275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-6275",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006602",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006602",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6275",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-006602",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-619",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP Contains a server-side request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6275",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006602",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "50350",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"id": "VAR-202006-1351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2022-05-04T09:09:02.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Patch Day - June 2020",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
},
{
"title": "SAP NetWeaver AS ABAP Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121795"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/2912939"
},
{
"trust": 1.6,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6275"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6275"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2020-32470"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50350"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"date": "2020-06-10T13:15:00",
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006602"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-619"
},
{
"date": "2020-06-16T14:57:00",
"db": "NVD",
"id": "CVE-2020-6275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Netweaver AS ABAP Server-Side Request Forgery Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006602"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-619"
}
],
"trust": 0.6
}
}