Vulnerabilites related to SAP - NetWeaver Process Integration
var-201907-1481
Vulnerability from variot
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. SAP NetWeaver Process Integration Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Process Integration is prone to a code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1481", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.5", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.4", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.3", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.1", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.0", }, ], sources: [ { db: "BID", id: "109067", }, { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0328", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP", sources: [ { db: "BID", id: "109067", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], trust: 0.9, }, cve: "CVE-2019-0328", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Complete", baseScore: 9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2019-0328", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-0328", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0328", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201907-457", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. SAP NetWeaver Process Integration Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Process Integration is prone to a code-injection vulnerability. \nAn attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible", sources: [ { db: "NVD", id: "CVE-2019-0328", }, { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "BID", id: "109067", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0328", trust: 2.7, }, { db: "BID", id: "109067", trust: 1.9, }, { db: "JVNDB", id: "JVNDB-2019-006505", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201907-457", trust: 0.6, }, ], sources: [ { db: "BID", id: "109067", }, { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], }, id: "VAR-201907-1481", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:43:16.290000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - July 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94596", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://launchpad.support.sap.com/#/notes/2774489", }, { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/109067", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0328", }, { trust: 0.9, url: "http://www.sap.com/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0328", }, ], sources: [ { db: "BID", id: "109067", }, { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "109067", }, { db: "JVNDB", id: "JVNDB-2019-006505", }, { db: "NVD", id: "CVE-2019-0328", }, { db: "CNNVD", id: "CNNVD-201907-457", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-09T00:00:00", db: "BID", id: "109067", }, { date: "2019-07-22T00:00:00", db: "JVNDB", id: "JVNDB-2019-006505", }, { date: "2019-07-10T20:15:12.123000", db: "NVD", id: "CVE-2019-0328", }, { date: "2019-07-09T00:00:00", db: "CNNVD", id: "CNNVD-201907-457", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-09T00:00:00", db: "BID", id: "109067", }, { date: "2019-07-22T00:00:00", db: "JVNDB", id: "JVNDB-2019-006505", }, { date: "2019-07-18T13:37:49.993000", db: "NVD", id: "CVE-2019-0328", }, { date: "2019-07-23T00:00:00", db: "CNNVD", id: "CNNVD-201907-457", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201907-457", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-006505", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201907-457", }, ], trust: 0.6, }, }
var-201210-0726
Vulnerability from variot
SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201210-0726", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "7.0", }, ], sources: [ { db: "BID", id: "56316", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Alexander Polyakov, Alexey Tyurin, and Alexandr Minozhenko of ERPScan.", sources: [ { db: "BID", id: "56316", }, ], trust: 0.3, }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability.\nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.", sources: [ { db: "BID", id: "56316", }, ], trust: 0.3, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "56316", trust: 0.3, }, ], sources: [ { db: "BID", id: "56316", }, ], }, id: "VAR-201210-0726", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2022-05-17T02:00:08.363000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.3, url: "http://help.sap.com/saphelp_nw04/helpdata/en/20/68a72acfb61f4a9dfefa1901e8c3b6/content.htm", }, { trust: 0.3, url: "https://service.sap.com/sap/support/notes/1723641", }, { trust: 0.3, url: "http://www.sap.com/platform/netweaver/index.epx", }, { trust: 0.3, url: "http://erpscan.com/advisories/dsecrg-12-038-sap-netweaver-pi-sdk-xxe-and-xxe-tunneling/", }, ], sources: [ { db: "BID", id: "56316", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "56316", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-10-22T00:00:00", db: "BID", id: "56316", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-10-22T00:00:00", db: "BID", id: "56316", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "56316", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration XML External Entity Information Disclosure Vulnerability", sources: [ { db: "BID", id: "56316", }, ], trust: 0.3, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "56316", }, ], trust: 0.3, }, }
var-202308-2390
Vulnerability from variot
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2390", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37488", }, ], }, cve: "CVE-2023-37488", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2023-37488", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37488", trust: 1.8, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2023-37488", trust: 1, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system", sources: [ { db: "NVD", id: "CVE-2023-37488", }, { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "VULMON", id: "CVE-2023-37488", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37488", trust: 2.7, }, { db: "JVNDB", id: "JVNDB-2023-021548", trust: 0.8, }, { db: "VULMON", id: "CVE-2023-37488", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-37488", }, { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, id: "VAR-202308-2390", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2024-01-20T23:20:45.277000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, { problemtype: "Cross-site scripting (CWE-79) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, { trust: 1.1, url: "https://me.sap.com/notes/3350494", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37488", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-37488", }, { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-37488", }, { db: "JVNDB", id: "JVNDB-2023-021548", }, { db: "NVD", id: "CVE-2023-37488", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-37488", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021548", }, { date: "2023-08-08T01:15:18.483000", db: "NVD", id: "CVE-2023-37488", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-37488", }, { date: "2024-01-19T06:54:00", db: "JVNDB", id: "JVNDB-2023-021548", }, { date: "2023-08-15T14:54:40.297000", db: "NVD", id: "CVE-2023-37488", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP of SAP NetWeaver Process Integration Cross-site scripting vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021548", }, ], trust: 0.8, }, }
var-202212-1492
Vulnerability from variot
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. SAP of SAP NetWeaver Process Integration Exists in a vulnerability related to the lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1492", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-41272", }, ], }, cve: "CVE-2022-41272", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 4.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@sap.com", availabilityImpact: "LOW", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.3, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 8.6, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-41272", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-41272", trust: 1.8, value: "HIGH", }, { author: "cna@sap.com", id: "CVE-2022-41272", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202212-2962", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, { db: "NVD", id: "CVE-2022-41272", }, { db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. SAP of SAP NetWeaver Process Integration Exists in a vulnerability related to the lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-41272", }, { db: "JVNDB", id: "JVNDB-2022-023246", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-41272", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-023246", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202212-2962", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, { db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, id: "VAR-202212-1492", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:00:27.446000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217793", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-862", trust: 1, }, { problemtype: "Lack of authentication (CWE-862) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/3273480", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-41272", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-41272/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-40078", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, { db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, { db: "NVD", id: "CVE-2022-41272", }, { db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-28T00:00:00", db: "JVNDB", id: "JVNDB-2022-023246", }, { date: "2022-12-13T04:15:24.960000", db: "NVD", id: "CVE-2022-41272", }, { date: "2022-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-28T03:09:00", db: "JVNDB", id: "JVNDB-2022-023246", }, { date: "2023-11-07T03:52:45.597000", db: "NVD", id: "CVE-2022-41272", }, { date: "2022-12-16T00:00:00", db: "CNNVD", id: "CNNVD-202212-2962", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202212-2962", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP of SAP NetWeaver Process Integration Vulnerability regarding lack of authentication in", sources: [ { db: "JVNDB", id: "JVNDB-2022-023246", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202212-2962", }, ], trust: 0.6, }, }
var-202104-1030
Vulnerability from variot
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1030", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27604", }, ], }, cve: "CVE-2021-27604", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-27604", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@sap.com", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.1, impactScore: 4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27604", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27604", trust: 1.8, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2021-27604", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202104-711", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-27604", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-27604", }, { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, { db: "NVD", id: "CVE-2021-27604", }, { db: "CNNVD", id: "CNNVD-202104-711", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note", sources: [ { db: "NVD", id: "CVE-2021-27604", }, { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "VULMON", id: "CVE-2021-27604", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27604", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-005424", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202104-711", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27604", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-27604", }, { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, { db: "CNNVD", id: "CNNVD-202104-711", }, ], }, id: "VAR-202104-1030", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:51:34.310000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - April 2021", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005424", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-611", trust: 1, }, { problemtype: "XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649", }, { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/3036436", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27604", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-april-2021-35059", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/611.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-27604", }, { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, { db: "CNNVD", id: "CNNVD-202104-711", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-27604", }, { db: "JVNDB", id: "JVNDB-2021-005424", }, { db: "NVD", id: "CVE-2021-27604", }, { db: "CNNVD", id: "CNNVD-202104-711", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-14T00:00:00", db: "VULMON", id: "CVE-2021-27604", }, { date: "2021-12-14T00:00:00", db: "JVNDB", id: "JVNDB-2021-005424", }, { date: "2021-04-14T15:15:13.800000", db: "NVD", id: "CVE-2021-27604", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-711", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-20T00:00:00", db: "VULMON", id: "CVE-2021-27604", }, { date: "2021-12-14T07:19:00", db: "JVNDB", id: "JVNDB-2021-005424", }, { date: "2021-08-27T17:37:52.737000", db: "NVD", id: "CVE-2021-27604", }, { date: "2021-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202104-711", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202104-711", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver ABAP Server and ABAP Platform In XML External entity vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2021-005424", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-202104-711", }, ], trust: 0.6, }, }
var-201904-1086
Vulnerability from variot
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document. An attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1086", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: "7.10 to 7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "750", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "740", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "731", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "730", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "711", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "710", }, ], sources: [ { db: "BID", id: "107808", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0283", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "107808", }, ], trust: 0.3, }, cve: "CVE-2019-0283", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 4.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 5.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0283", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 4.2, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.1, baseSeverity: "High", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0283", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0283", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201904-421", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2019-0283", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-0283", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, { db: "CNNVD", id: "CNNVD-201904-421", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document. \nAn attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2019-0283", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "BID", id: "107808", }, { db: "VULMON", id: "CVE-2019-0283", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0283", trust: 2.8, }, { db: "BID", id: "107808", trust: 1, }, { db: "JVNDB", id: "JVNDB-2019-003333", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201904-421", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-0283", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-0283", }, { db: "BID", id: "107808", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, { db: "CNNVD", id: "CNNVD-201904-421", }, ], }, id: "VAR-201904-1086", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:28:33.516000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - April 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91250", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "CNNVD", id: "CNNVD-201904-421", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-290", trust: 1, }, { problemtype: "CWE-284", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { trust: 2, url: "https://launchpad.support.sap.com/#/notes/2747683", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0283", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/107808", }, { trust: 0.9, url: "http://www.sap.com/", }, { trust: 0.9, url: "https://help.sap.com/nw_platform", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0283", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/290.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-0283", }, { db: "BID", id: "107808", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, { db: "CNNVD", id: "CNNVD-201904-421", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-0283", }, { db: "BID", id: "107808", }, { db: "JVNDB", id: "JVNDB-2019-003333", }, { db: "NVD", id: "CVE-2019-0283", }, { db: "CNNVD", id: "CNNVD-201904-421", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-10T00:00:00", db: "VULMON", id: "CVE-2019-0283", }, { date: "2019-04-09T00:00:00", db: "BID", id: "107808", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003333", }, { date: "2019-04-10T21:29:01.277000", db: "NVD", id: "CVE-2019-0283", }, { date: "2019-04-09T00:00:00", db: "CNNVD", id: "CNNVD-201904-421", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-24T00:00:00", db: "VULMON", id: "CVE-2019-0283", }, { date: "2019-04-09T00:00:00", db: "BID", id: "107808", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003333", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0283", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201904-421", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201904-421", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Access control vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-003333", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-201904-421", }, ], trust: 0.6, }, }
var-201210-0565
Vulnerability from variot
The goal of Sap Netweaver Process Integration is to provide a unified technology platform for connections between different systems. There is an unspecified error in Sap Netweaver Process Integration. Allows an attacker to exploit a vulnerability to bypass security restrictions. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: SAP NetWeaver Process Integration Authentication Bypass Vulnerability
SECUNIA ADVISORY ID: SA50886
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50886
RELEASE DATE: 2012-10-05
DISCUSS ADVISORY: http://secunia.com/advisories/50886/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50886/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50886
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: ERPScan has reported a vulnerability in SAP NetWeaver Process Integration, which can be exploited by malicious people to bypass certain security restrictions. No further information is currently available.
SOLUTION: Apply SAP Security Note 1705800.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Alexander Polyakov, Alexey Tyurin, and Alexandr Minozhenko, ERPScan.
ORIGINAL ADVISORY:
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201210-0565", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: "7.x", }, ], sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNVD", id: "CNVD-2012-5639", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Alexander Polyakov, Alexey Tyurin, and Alexandr Minozhenko of ERPScan", sources: [ { db: "BID", id: "55811", }, { db: "CNNVD", id: "CNNVD-201210-249", }, ], trust: 0.9, }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: null, accessVector: null, authentication: null, author: "IVD", availabilityImpact: null, baseScore: null, confidentialityImpact: null, exploitabilityScore: null, id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", impactScore: null, integrityImpact: null, severity: null, trust: 0.2, vectorString: null, version: "unknown", }, ], cvssV3: [], severity: [ { author: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", trust: 0.2, value: "MEDIUM", }, ], }, ], sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The goal of Sap Netweaver Process Integration is to provide a unified technology platform for connections between different systems. There is an unspecified error in Sap Netweaver Process Integration. Allows an attacker to exploit a vulnerability to bypass security restrictions. \nRemote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSAP NetWeaver Process Integration Authentication Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50886\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50886/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=50886\n\nRELEASE DATE:\n2012-10-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50886/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50886/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=50886\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nERPScan has reported a vulnerability in SAP NetWeaver Process\nIntegration, which can be exploited by malicious people to bypass\ncertain security restrictions. No further\ninformation is currently available. \n\nSOLUTION:\nApply SAP Security Note 1705800. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nAlexander Polyakov, Alexey Tyurin, and Alexandr Minozhenko, ERPScan. \n\nORIGINAL ADVISORY:\n[DSECRG-12-036]:\nhttp://erpscan.com/advisories/dsecrg-12-036-sap-xi-authentication-bypass/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", sources: [ { db: "CNVD", id: "CNVD-2012-5639", }, { db: "BID", id: "55811", }, { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "PACKETSTORM", id: "117155", }, ], trust: 1.08, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "55811", trust: 1.5, }, { db: "CNVD", id: "CNVD-2012-5639", trust: 0.8, }, { db: "SECUNIA", id: "50886", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201210-249", trust: 0.6, }, { db: "IVD", id: "650CBB9C-1F52-11E6-ABEF-000C29C66E3D", trust: 0.2, }, { db: "PACKETSTORM", id: "117155", trust: 0.1, }, ], sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNVD", id: "CNVD-2012-5639", }, { db: "BID", id: "55811", }, { db: "PACKETSTORM", id: "117155", }, { db: "CNNVD", id: "CNNVD-201210-249", }, ], }, id: "VAR-201210-0565", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNVD", id: "CNVD-2012-5639", }, ], trust: 0.9555555600000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.8, }, ], sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNVD", id: "CNVD-2012-5639", }, ], }, last_update_date: "2022-05-17T22:39:28.396000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP NetWeaver Process Integration has patches for unexplained validation bypass vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/23558", }, ], sources: [ { db: "CNVD", id: "CNVD-2012-5639", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "http://secunia.com/advisories/50886/http", }, { trust: 0.6, url: "http://www.securityfocus.com/bid/55811", }, { trust: 0.4, url: "http://erpscan.com/advisories/dsecrg-12-036-sap-xi-authentication-bypass/", }, { trust: 0.3, url: "http://www.sap.com/platform/netweaver/index.epx", }, { trust: 0.1, url: "http://secunia.com/vulnerability_intelligence/", }, { trust: 0.1, url: "http://secunia.com/advisories/secunia_security_advisories/", }, { trust: 0.1, url: "http://secunia.com/advisories/50886/", }, { trust: 0.1, url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/", }, { trust: 0.1, url: "http://secunia.com/advisories/50886/#comments", }, { trust: 0.1, url: "http://secunia.com/vulnerability_scanning/personal/", }, { trust: 0.1, url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org", }, { trust: 0.1, url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=50886", }, { trust: 0.1, url: "http://secunia.com/blog/325/", }, { trust: 0.1, url: "http://secunia.com/advisories/about_secunia_advisories/", }, ], sources: [ { db: "CNVD", id: "CNVD-2012-5639", }, { db: "BID", id: "55811", }, { db: "PACKETSTORM", id: "117155", }, { db: "CNNVD", id: "CNNVD-201210-249", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNVD", id: "CNVD-2012-5639", }, { db: "BID", id: "55811", }, { db: "PACKETSTORM", id: "117155", }, { db: "CNNVD", id: "CNNVD-201210-249", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-10-11T00:00:00", db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { date: "2012-10-11T00:00:00", db: "CNVD", id: "CNVD-2012-5639", }, { date: "2012-10-05T00:00:00", db: "BID", id: "55811", }, { date: "2012-10-05T04:47:19", db: "PACKETSTORM", id: "117155", }, { date: "2012-10-16T00:00:00", db: "CNNVD", id: "CNNVD-201210-249", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-10-11T00:00:00", db: "CNVD", id: "CNVD-2012-5639", }, { date: "2012-10-05T00:00:00", db: "BID", id: "55811", }, { date: "2012-10-16T00:00:00", db: "CNNVD", id: "CNNVD-201210-249", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201210-249", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Unknown Authentication Bypass Vulnerability", sources: [ { db: "IVD", id: "650cbb9c-1f52-11e6-abef-000c29c66e3d", }, { db: "CNNVD", id: "CNNVD-201210-249", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "55811", }, ], trust: 0.3, }, }
var-201904-1085
Vulnerability from variot
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. SAP NetWeaver Process Integration (Runtime Workbench) Contains an information disclosure vulnerability.Information may be obtained. SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1085", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: "7.10 to 7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "750", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "740", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "731", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "730", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "711", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "710", }, ], sources: [ { db: "BID", id: "107801", }, { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0282", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "107801", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], trust: 0.9, }, cve: "CVE-2019-0282", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0282", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0282", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0282", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201904-374", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. SAP NetWeaver Process Integration (Runtime Workbench) Contains an information disclosure vulnerability.Information may be obtained. SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks", sources: [ { db: "NVD", id: "CVE-2019-0282", }, { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "BID", id: "107801", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0282", trust: 2.7, }, { db: "BID", id: "107801", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-003332", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201904-374", trust: 0.6, }, ], sources: [ { db: "BID", id: "107801", }, { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], }, id: "VAR-201904-1085", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T12:43:33.509000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - April 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91203", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://launchpad.support.sap.com/#/notes/2742758", }, { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0282", }, { trust: 1.2, url: "https://www.securityfocus.com/bid/107801", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0282", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982", }, ], sources: [ { db: "BID", id: "107801", }, { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "107801", }, { db: "JVNDB", id: "JVNDB-2019-003332", }, { db: "NVD", id: "CVE-2019-0282", }, { db: "CNNVD", id: "CNNVD-201904-374", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-09T00:00:00", db: "BID", id: "107801", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003332", }, { date: "2019-04-10T21:29:01.217000", db: "NVD", id: "CVE-2019-0282", }, { date: "2019-04-09T00:00:00", db: "CNNVD", id: "CNNVD-201904-374", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-09T00:00:00", db: "BID", id: "107801", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003332", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0282", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-201904-374", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201904-374", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to information disclosure", sources: [ { db: "JVNDB", id: "JVNDB-2019-003332", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-201904-374", }, ], trust: 0.6, }, }
var-202307-0926
Vulnerability from variot
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. SAP of SAP NetWeaver Process Integration There is a vulnerability in the lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0926", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-35872", }, ], }, cve: "CVE-2023-35872", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 2.5, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2023-35872", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-35872", trust: 1.8, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2023-35872", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202307-691", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "CNNVD", id: "CNNVD-202307-691", }, { db: "NVD", id: "CVE-2023-35872", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. SAP of SAP NetWeaver Process Integration There is a vulnerability in the lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-35872", }, { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "VULMON", id: "CVE-2023-35872", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-35872", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-021770", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202307-691", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-35872", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-35872", }, { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "CNNVD", id: "CNNVD-202307-691", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, id: "VAR-202307-0926", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2024-01-21T22:53:54.386000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP NetWeaver Process Integration Fixes for access control error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246820", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202307-691", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1, }, { problemtype: "Lack of authentication for critical features (CWE-306) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, { trust: 1.7, url: "https://me.sap.com/notes/3343564", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-35872", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-35872/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/306.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-35872", }, { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "CNNVD", id: "CNNVD-202307-691", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-35872", }, { db: "JVNDB", id: "JVNDB-2023-021770", }, { db: "CNNVD", id: "CNNVD-202307-691", }, { db: "NVD", id: "CVE-2023-35872", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-35872", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021770", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-691", }, { date: "2023-07-11T03:15:09.930000", db: "NVD", id: "CVE-2023-35872", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-35872", }, { date: "2024-01-19T08:08:00", db: "JVNDB", id: "JVNDB-2023-021770", }, { date: "2023-07-20T00:00:00", db: "CNNVD", id: "CNNVD-202307-691", }, { date: "2023-07-19T13:36:59.200000", db: "NVD", id: "CVE-2023-35872", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202307-691", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP of SAP NetWeaver Process Integration Vulnerability regarding lack of authentication for critical features in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021770", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202307-691", }, ], trust: 0.6, }, }
var-201906-1082
Vulnerability from variot
Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1082", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "BID", id: "108703", }, { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0312", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "108703", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], trust: 0.9, }, cve: "CVE-2019-0312", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0312", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0312", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0312", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201906-503", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks", sources: [ { db: "NVD", id: "CVE-2019-0312", }, { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "BID", id: "108703", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0312", trust: 2.7, }, { db: "BID", id: "108703", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-005477", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-503", trust: 0.6, }, ], sources: [ { db: "BID", id: "108703", }, { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], }, id: "VAR-201906-1082", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:47:53.929000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - June 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { title: "SAP NetWeaver Process Integration Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93738", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { trust: 1.9, url: "https://launchpad.support.sap.com/#/notes/2744086", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0312", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0312", }, { trust: 0.6, url: "https://www.securityfocus.com/bid/108703", }, ], sources: [ { db: "BID", id: "108703", }, { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108703", }, { db: "JVNDB", id: "JVNDB-2019-005477", }, { db: "NVD", id: "CVE-2019-0312", }, { db: "CNNVD", id: "CNNVD-201906-503", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108703", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005477", }, { date: "2019-06-12T17:29:03.623000", db: "NVD", id: "CVE-2019-0312", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-503", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108703", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005477", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0312", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-201906-503", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-503", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to information disclosure", sources: [ { db: "JVNDB", id: "JVNDB-2019-005477", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-201906-503", }, ], trust: 0.6, }, }
var-201904-1083
Vulnerability from variot
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. An attacker can exploit this issue to gain sensitive information, that may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1083", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: "7.10 to 7.11", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "750", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "740", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "731", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "730", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "720", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "711", }, { model: "netweaver process integration", scope: "eq", trust: 0.3, vendor: "sap", version: "710", }, ], sources: [ { db: "BID", id: "107807", }, { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0278", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "107807", }, ], trust: 0.3, }, cve: "CVE-2019-0278", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0278", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0278", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0278", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201904-422", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, { db: "CNNVD", id: "CNNVD-201904-422", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. \nAn attacker can exploit this issue to gain sensitive information, that may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2019-0278", }, { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "BID", id: "107807", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0278", trust: 2.7, }, { db: "BID", id: "107807", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-003336", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201904-422", trust: 0.6, }, ], sources: [ { db: "BID", id: "107807", }, { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, { db: "CNNVD", id: "CNNVD-201904-422", }, ], }, id: "VAR-201904-1083", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:08:05.538000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - April 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91251", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "CNNVD", id: "CNNVD-201904-422", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114", }, { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/2741201", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0278", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/107807", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.9, url: "https://service.sap.com/sap/support/notes/2741201", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0278", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982", }, ], sources: [ { db: "BID", id: "107807", }, { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, { db: "CNNVD", id: "CNNVD-201904-422", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "107807", }, { db: "JVNDB", id: "JVNDB-2019-003336", }, { db: "NVD", id: "CVE-2019-0278", }, { db: "CNNVD", id: "CNNVD-201904-422", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-09T00:00:00", db: "BID", id: "107807", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003336", }, { date: "2019-04-10T21:29:01.107000", db: "NVD", id: "CVE-2019-0278", }, { date: "2019-04-09T00:00:00", db: "CNNVD", id: "CNNVD-201904-422", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-04-09T00:00:00", db: "BID", id: "107807", }, { date: "2019-05-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-003336", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0278", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201904-422", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201904-422", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to information disclosure", sources: [ { db: "JVNDB", id: "JVNDB-2019-003336", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201904-422", }, ], trust: 0.6, }, }
var-202105-0838
Vulnerability from variot
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0838", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, ], sources: [ { db: "NVD", id: "CVE-2021-27618", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27618", }, ], }, cve: "CVE-2021-27618", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2021-27618", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@sap.com", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27618", trust: 1, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2021-27618", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202105-621", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-27618", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-27618", }, { db: "NVD", id: "CVE-2021-27618", }, { db: "NVD", id: "CVE-2021-27618", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-621", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", sources: [ { db: "NVD", id: "CVE-2021-27618", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULMON", id: "CVE-2021-27618", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27618", trust: 1.7, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021051107", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202105-621", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27618", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-27618", }, { db: "NVD", id: "CVE-2021-27618", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-621", }, ], }, id: "VAR-202105-0838", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T10:58:06.678000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Process Integration Fixes for code issue vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151243", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202105-621", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-434", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-27618", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/3012021", }, { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=576094655", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021051107", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/434.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-27618", }, { db: "NVD", id: "CVE-2021-27618", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-621", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-27618", }, { db: "NVD", id: "CVE-2021-27618", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-621", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-11T00:00:00", db: "VULMON", id: "CVE-2021-27618", }, { date: "2021-05-11T15:15:08.440000", db: "NVD", id: "CVE-2021-27618", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-05-11T00:00:00", db: "CNNVD", id: "CNNVD-202105-621", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-27T00:00:00", db: "VULMON", id: "CVE-2021-27618", }, { date: "2021-08-27T17:38:51.547000", db: "NVD", id: "CVE-2021-27618", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-05-20T00:00:00", db: "CNNVD", id: "CNNVD-202105-621", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202105-621", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Pillow Buffer error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, }
var-201910-1603
Vulnerability from variot
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. SAP NetWeaver Process Integration (B2B Toolkit) Is vulnerable to a lack of authentication.Information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1603", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.6, vendor: "sap", version: "1.0", }, { model: "netweaver process integration", scope: "eq", trust: 1.6, vendor: "sap", version: "2.0", }, { model: "netweaver process integration", scope: "lt", trust: 0.8, vendor: "sap", version: "1.0", }, { model: "netweaver process integration", scope: "lt", trust: 0.8, vendor: "sap", version: "2.0", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0367", }, ], }, cve: "CVE-2019-0367", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0367", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0367", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0367", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201910-411", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-0367", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-0367", }, { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. SAP NetWeaver Process Integration (B2B Toolkit) Is vulnerable to a lack of authentication.Information may be tampered with", sources: [ { db: "NVD", id: "CVE-2019-0367", }, { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "VULMON", id: "CVE-2019-0367", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0367", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-010437", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201910-411", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-0367", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-0367", }, { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, id: "VAR-201910-1603", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T11:59:20.296000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - October 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=528123050", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99080", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-862", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/2805777", }, { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=528123050", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0367", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0367", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-october-2019-30550", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/862.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110346", }, ], sources: [ { db: "VULMON", id: "CVE-2019-0367", }, { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-0367", }, { db: "JVNDB", id: "JVNDB-2019-010437", }, { db: "NVD", id: "CVE-2019-0367", }, { db: "CNNVD", id: "CNNVD-201910-411", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-10-08T00:00:00", db: "VULMON", id: "CVE-2019-0367", }, { date: "2019-10-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-010437", }, { date: "2019-10-08T20:15:10.903000", db: "NVD", id: "CVE-2019-0367", }, { date: "2019-10-08T00:00:00", db: "CNNVD", id: "CNNVD-201910-411", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-10-10T00:00:00", db: "VULMON", id: "CVE-2019-0367", }, { date: "2019-10-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-010437", }, { date: "2019-10-10T15:01:39.617000", db: "NVD", id: "CVE-2019-0367", }, { date: "2019-11-21T00:00:00", db: "CNNVD", id: "CNNVD-201910-411", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201910-411", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerabilities related to lack of authentication", sources: [ { db: "JVNDB", id: "JVNDB-2019-010437", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201910-411", }, ], trust: 0.6, }, }
var-201908-1851
Vulnerability from variot
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Process Integration Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1851", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0337", }, ], }, cve: "CVE-2019-0337", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0337", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0337", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0337", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201908-919", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-0337", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-0337", }, { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "CNNVD", id: "CNNVD-201908-919", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Process Integration Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered", sources: [ { db: "NVD", id: "CVE-2019-0337", }, { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "VULMON", id: "CVE-2019-0337", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0337", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-008347", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201908-919", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-0337", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-0337", }, { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "CNNVD", id: "CNNVD-201908-919", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, id: "VAR-201908-1851", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2024-02-13T23:04:06.103000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - August 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523998017", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96604", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "CNNVD", id: "CNNVD-201908-919", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523998017", }, { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/2789866", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0337", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0337", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2019-30031", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-0337", }, { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "CNNVD", id: "CNNVD-201908-919", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-0337", }, { db: "JVNDB", id: "JVNDB-2019-008347", }, { db: "CNNVD", id: "CNNVD-201908-919", }, { db: "NVD", id: "CVE-2019-0337", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-14T00:00:00", db: "VULMON", id: "CVE-2019-0337", }, { date: "2019-08-29T00:00:00", db: "JVNDB", id: "JVNDB-2019-008347", }, { date: "2019-08-13T00:00:00", db: "CNNVD", id: "CNNVD-201908-919", }, { date: "2019-08-14T14:15:16.027000", db: "NVD", id: "CVE-2019-0337", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-26T00:00:00", db: "VULMON", id: "CVE-2019-0337", }, { date: "2019-08-29T00:00:00", db: "JVNDB", id: "JVNDB-2019-008347", }, { date: "2019-09-20T00:00:00", db: "CNNVD", id: "CNNVD-201908-919", }, { date: "2019-08-26T13:59:34.927000", db: "NVD", id: "CVE-2019-0337", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201908-919", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to cross-site scripting", sources: [ { db: "JVNDB", id: "JVNDB-2019-008347", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201908-919", }, ], trust: 0.6, }, }
var-202104-1025
Vulnerability from variot
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1025", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27599", }, ], }, cve: "CVE-2021-27599", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-27599", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@sap.com", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-27599", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27599", trust: 1.8, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2021-27599", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-716", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-27599", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-27599", }, { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, { db: "NVD", id: "CVE-2021-27599", }, { db: "CNNVD", id: "CNNVD-202104-716", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted", sources: [ { db: "NVD", id: "CVE-2021-27599", }, { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "VULMON", id: "CVE-2021-27599", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27599", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-005423", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202104-716", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27599", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-27599", }, { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, { db: "CNNVD", id: "CNNVD-202104-716", }, ], }, id: "VAR-202104-1025", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T14:04:22.602000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - April 2021", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005423", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "information leak (CWE-200) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649", }, { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/3012277", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27599", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-april-2021-35059", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-27599", }, { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, { db: "CNNVD", id: "CNNVD-202104-716", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-27599", }, { db: "JVNDB", id: "JVNDB-2021-005423", }, { db: "NVD", id: "CVE-2021-27599", }, { db: "CNNVD", id: "CNNVD-202104-716", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-14T00:00:00", db: "VULMON", id: "CVE-2021-27599", }, { date: "2021-12-14T00:00:00", db: "JVNDB", id: "JVNDB-2021-005423", }, { date: "2021-04-14T15:15:13.690000", db: "NVD", id: "CVE-2021-27599", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-716", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-20T00:00:00", db: "VULMON", id: "CVE-2021-27599", }, { date: "2021-12-14T07:19:00", db: "JVNDB", id: "JVNDB-2021-005423", }, { date: "2022-06-28T14:11:45.273000", db: "NVD", id: "CVE-2021-27599", }, { date: "2021-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202104-716", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202104-716", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver ABAP Server and ABAP Platform Information Disclosure Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-005423", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202104-716", }, ], trust: 0.6, }, }
var-201906-1084
Vulnerability from variot
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. SAP NetWeaver Process Integration Contains an information disclosure vulnerability.Information may be obtained. An attacker can exploit this issue to gain sensitive information, that may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1084", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.50", }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.40", }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.31", }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.30", }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration sap xitool", scope: "eq", trust: 0.3, vendor: "sap", version: "7.10", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.50", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.40", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.31", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.30", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration sap xipck", scope: "eq", trust: 0.3, vendor: "sap", version: "7.10", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.50", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.40", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.31", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.30", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.20", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration sap xiesr", scope: "eq", trust: 0.3, vendor: "sap", version: "7.10", }, ], sources: [ { db: "BID", id: "108714", }, { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0315", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "108714", }, ], trust: 0.3, }, cve: "CVE-2019-0315", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0315", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-0315", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0315", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201906-525", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, { db: "CNNVD", id: "CNNVD-201906-525", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. SAP NetWeaver Process Integration Contains an information disclosure vulnerability.Information may be obtained. \nAn attacker can exploit this issue to gain sensitive information, that may aid in further attacks", sources: [ { db: "NVD", id: "CVE-2019-0315", }, { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "BID", id: "108714", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0315", trust: 2.7, }, { db: "BID", id: "108714", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-005478", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-525", trust: 0.6, }, ], sources: [ { db: "BID", id: "108714", }, { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, { db: "CNNVD", id: "CNNVD-201906-525", }, ], }, id: "VAR-201906-1084", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:02:11.763000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - June 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { title: "SAP NetWeaver Process Integration Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93757", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "CNNVD", id: "CNNVD-201906-525", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/2755438", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.9, url: "https://service.sap.com/sap/support/notes/2755438", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0315", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0315", }, { trust: 0.6, url: "https://www.securityfocus.com/bid/108714", }, ], sources: [ { db: "BID", id: "108714", }, { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, { db: "CNNVD", id: "CNNVD-201906-525", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108714", }, { db: "JVNDB", id: "JVNDB-2019-005478", }, { db: "NVD", id: "CVE-2019-0315", }, { db: "CNNVD", id: "CNNVD-201906-525", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108714", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005478", }, { date: "2019-06-12T17:29:03.747000", db: "NVD", id: "CVE-2019-0315", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-525", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108714", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005478", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0315", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201906-525", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-525", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to information disclosure", sources: [ { db: "JVNDB", id: "JVNDB-2019-005478", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201906-525", }, ], trust: 0.6, }, }
var-202212-1493
Vulnerability from variot
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:
- Read any information
- Modify sensitive information
- Denial of Service attacks (DoS)
- SQL Injection
. SAP of SAP NetWeaver Process Integration Exists in a vulnerability related to the lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1493", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-41271", }, ], }, cve: "CVE-2022-41271", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.4, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-41271", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-41271", trust: 1.8, value: "CRITICAL", }, { author: "cna@sap.com", id: "CVE-2022-41271", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202212-2959", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, { db: "NVD", id: "CVE-2022-41271", }, { db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:\n\n * Read any information\n * Modify sensitive information\n * Denial of Service attacks (DoS)\n * SQL Injection\n\n\n\n\n. SAP of SAP NetWeaver Process Integration Exists in a vulnerability related to the lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-41271", }, { db: "JVNDB", id: "JVNDB-2022-023247", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-41271", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-023247", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202212-2959", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, { db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, id: "VAR-202212-1493", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:31:48.539000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217790", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-862", trust: 1, }, { problemtype: "Lack of authentication (CWE-862) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/3267780", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-41271", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-41271/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-40078", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, { db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, { db: "NVD", id: "CVE-2022-41271", }, { db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-28T00:00:00", db: "JVNDB", id: "JVNDB-2022-023247", }, { date: "2022-12-13T03:15:09.743000", db: "NVD", id: "CVE-2022-41271", }, { date: "2022-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-28T03:09:00", db: "JVNDB", id: "JVNDB-2022-023247", }, { date: "2023-11-07T03:52:45.510000", db: "NVD", id: "CVE-2022-41271", }, { date: "2022-12-16T00:00:00", db: "CNNVD", id: "CNNVD-202212-2959", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202212-2959", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP of SAP NetWeaver Process Integration Vulnerability regarding lack of authentication in", sources: [ { db: "JVNDB", id: "JVNDB-2022-023247", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202212-2959", }, ], trust: 0.6, }, }
var-202307-1066
Vulnerability from variot
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. SAP of SAP NetWeaver Process Integration There is a vulnerability in the lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-1066", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.8, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-35873", }, ], }, cve: "CVE-2023-35873", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 2.5, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2023-35873", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-35873", trust: 1.8, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2023-35873", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202307-685", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "CNNVD", id: "CNNVD-202307-685", }, { db: "NVD", id: "CVE-2023-35873", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application. SAP of SAP NetWeaver Process Integration There is a vulnerability in the lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-35873", }, { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "VULMON", id: "CVE-2023-35873", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-35873", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-021769", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202307-685", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-35873", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-35873", }, { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "CNNVD", id: "CNNVD-202307-685", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, id: "VAR-202307-1066", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2024-01-21T22:56:55.761000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP NetWeaver Process Integration Fixes for access control error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246817", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202307-685", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1, }, { problemtype: "Lack of authentication for critical features (CWE-306) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, { trust: 1.7, url: "https://me.sap.com/notes/3343547", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-35873", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-35873/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/306.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-35873", }, { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "CNNVD", id: "CNNVD-202307-685", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-35873", }, { db: "JVNDB", id: "JVNDB-2023-021769", }, { db: "CNNVD", id: "CNNVD-202307-685", }, { db: "NVD", id: "CVE-2023-35873", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-35873", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021769", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-685", }, { date: "2023-07-11T03:15:09.993000", db: "NVD", id: "CVE-2023-35873", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-35873", }, { date: "2024-01-19T08:08:00", db: "JVNDB", id: "JVNDB-2023-021769", }, { date: "2023-07-20T00:00:00", db: "CNNVD", id: "CNNVD-202307-685", }, { date: "2023-07-19T15:27:53.343000", db: "NVD", id: "CVE-2023-35873", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202307-685", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP of SAP NetWeaver Process Integration Vulnerability regarding lack of authentication for critical features in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021769", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202307-685", }, ], trust: 0.6, }, }
var-201906-1077
Vulnerability from variot
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data. NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL) Contains a vulnerability in the deserialization of unreliable data.Information may be tampered with. Successful exploits will allow an attacker to compromise the affected application. Other attacks are also possible. SAP NetWeaver Process Integration versions 7.10,7.11, 7.20, 7.30, 7.31, 7.40, 7.50 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1077", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 2.1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 0.8, vendor: "sap", version: "7.10 to 7.11", }, ], sources: [ { db: "BID", id: "108702", }, { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0305", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "108702", }, ], trust: 0.3, }, cve: "CVE-2019-0305", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0305", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0305", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0305", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201906-500", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, { db: "CNNVD", id: "CNNVD-201906-500", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data. NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL) Contains a vulnerability in the deserialization of unreliable data.Information may be tampered with. \nSuccessful exploits will allow an attacker to compromise the affected application. Other attacks are also possible. \nSAP NetWeaver Process Integration versions 7.10,7.11, 7.20, 7.30, 7.31, 7.40, 7.50 are vulnerable", sources: [ { db: "NVD", id: "CVE-2019-0305", }, { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "BID", id: "108702", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0305", trust: 2.7, }, { db: "BID", id: "108702", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-005488", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-500", trust: 0.6, }, ], sources: [ { db: "BID", id: "108702", }, { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, { db: "CNNVD", id: "CNNVD-201906-500", }, ], }, id: "VAR-201906-1077", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:56:40.226000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - June 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { title: "SAP NetWeaver Process Integration Fixes for code issue vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93735", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "CNNVD", id: "CNNVD-201906-500", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-1021", trust: 1, }, { problemtype: "CWE-502", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://launchpad.support.sap.com/#/notes/2755502", }, { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0305", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0305", }, { trust: 0.6, url: "https://www.securityfocus.com/bid/108702", }, ], sources: [ { db: "BID", id: "108702", }, { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, { db: "CNNVD", id: "CNNVD-201906-500", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108702", }, { db: "JVNDB", id: "JVNDB-2019-005488", }, { db: "NVD", id: "CVE-2019-0305", }, { db: "CNNVD", id: "CNNVD-201906-500", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108702", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005488", }, { date: "2019-06-12T15:29:00.270000", db: "NVD", id: "CVE-2019-0305", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-500", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108702", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-005488", }, { date: "2021-07-21T11:39:23.747000", db: "NVD", id: "CVE-2019-0305", }, { date: "2019-06-17T00:00:00", db: "CNNVD", id: "CNNVD-201906-500", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-500", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to unreliable data deserialization", sources: [ { db: "JVNDB", id: "JVNDB-2019-005488", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-201906-500", }, ], trust: 0.6, }, }
var-202105-0837
Vulnerability from variot
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0837", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.11", }, ], sources: [ { db: "NVD", id: "CVE-2021-27617", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-27617", }, ], }, cve: "CVE-2021-27617", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2021-27617", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@sap.com", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-27617", trust: 1, value: "MEDIUM", }, { author: "cna@sap.com", id: "CVE-2021-27617", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202105-620", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-27617", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-27617", }, { db: "NVD", id: "CVE-2021-27617", }, { db: "NVD", id: "CVE-2021-27617", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-620", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", sources: [ { db: "NVD", id: "CVE-2021-27617", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULMON", id: "CVE-2021-27617", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-27617", trust: 1.7, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021051107", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202105-620", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-27617", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-27617", }, { db: "NVD", id: "CVE-2021-27617", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-620", }, ], }, id: "VAR-202105-0837", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T10:50:03.939000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Process Integration Remediation of resource management error vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151242", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202105-620", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-27617", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://launchpad.support.sap.com/#/notes/3012021", }, { trust: 1.7, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=576094655", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021051107", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/400.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-27617", }, { db: "NVD", id: "CVE-2021-27617", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-620", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-27617", }, { db: "NVD", id: "CVE-2021-27617", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202105-620", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-11T00:00:00", db: "VULMON", id: "CVE-2021-27617", }, { date: "2021-05-11T15:15:08.410000", db: "NVD", id: "CVE-2021-27617", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-05-11T00:00:00", db: "CNNVD", id: "CNNVD-202105-620", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-19T00:00:00", db: "VULMON", id: "CVE-2021-27617", }, { date: "2022-06-28T14:11:45.273000", db: "NVD", id: "CVE-2021-27617", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-05-20T00:00:00", db: "CNNVD", id: "CNNVD-202105-620", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202105-620", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Pillow Buffer error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, }
var-201909-1446
Vulnerability from variot
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1446", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "lt", trust: 0.8, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "lt", trust: 0.8, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "lt", trust: 0.8, vendor: "sap", version: "7.50", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0356", }, ], }, cve: "CVE-2019-0356", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 4, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-0356", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0356", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0356", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201909-437", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, { db: "CNNVD", id: "CNNVD-201909-437", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted", sources: [ { db: "NVD", id: "CVE-2019-0356", }, { db: "JVNDB", id: "JVNDB-2019-009155", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0356", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-009155", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201909-437", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, { db: "CNNVD", id: "CNNVD-201909-437", }, ], }, id: "VAR-201909-1446", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T12:27:57.736000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - September 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=525962506", }, { title: "SAP NetWeaver Process Integration Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98031", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "CNNVD", id: "CNNVD-201909-437", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/2802521", }, { trust: 1.6, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=525962506", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0356", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0356", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-september-2019-30286", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, { db: "CNNVD", id: "CNNVD-201909-437", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, { db: "NVD", id: "CVE-2019-0356", }, { db: "CNNVD", id: "CNNVD-201909-437", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-09-13T00:00:00", db: "JVNDB", id: "JVNDB-2019-009155", }, { date: "2019-09-10T17:15:11", db: "NVD", id: "CVE-2019-0356", }, { date: "2019-09-10T00:00:00", db: "CNNVD", id: "CNNVD-201909-437", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-09-13T00:00:00", db: "JVNDB", id: "JVNDB-2019-009155", }, { date: "2020-08-24T17:37:01.140000", db: "NVD", id: "CVE-2019-0356", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201909-437", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201909-437", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Runtime Workbench Vulnerable to information disclosure", sources: [ { db: "JVNDB", id: "JVNDB-2019-009155", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201909-437", }, ], trust: 0.6, }, }
var-201906-1085
Vulnerability from variot
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability. SAP NetWeaver Process Integration Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1085", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.50", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.40", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.31", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.30", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.11", }, { model: "netweaver process integration", scope: "eq", trust: 1.3, vendor: "sap", version: "7.10", }, { model: "netweaver process integration", scope: "eq", trust: 1, vendor: "sap", version: "7.20", }, { model: "netweaver process integration", scope: null, trust: 0.8, vendor: "sap", version: null, }, ], sources: [ { db: "BID", id: "108705", }, { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-0316", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP", sources: [ { db: "BID", id: "108705", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], trust: 0.9, }, cve: "CVE-2019-0316", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-0316", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2019-0316", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-0316", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201906-497", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability. SAP NetWeaver Process Integration Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. \nRemote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks", sources: [ { db: "NVD", id: "CVE-2019-0316", }, { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "BID", id: "108705", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-0316", trust: 2.7, }, { db: "BID", id: "108705", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2019-005568", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-497", trust: 0.6, }, ], sources: [ { db: "BID", id: "108705", }, { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], }, id: "VAR-201906-1085", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15555556, }, last_update_date: "2023-12-18T13:13:23.273000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP Security Patch Day - June 2019", trust: 0.8, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { title: "SAP NetWeaver Process Integration Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93732", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242", }, { trust: 1.6, url: "https://launchpad.support.sap.com/#/notes/2745917", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0316", }, { trust: 0.9, url: "http://www.sap.com", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0316", }, { trust: 0.6, url: "https://www.securityfocus.com/bid/108705", }, ], sources: [ { db: "BID", id: "108705", }, { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108705", }, { db: "JVNDB", id: "JVNDB-2019-005568", }, { db: "NVD", id: "CVE-2019-0316", }, { db: "CNNVD", id: "CNNVD-201906-497", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108705", }, { date: "2019-06-24T00:00:00", db: "JVNDB", id: "JVNDB-2019-005568", }, { date: "2019-06-14T19:29:00.340000", db: "NVD", id: "CVE-2019-0316", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-497", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108705", }, { date: "2019-06-24T00:00:00", db: "JVNDB", id: "JVNDB-2019-005568", }, { date: "2020-02-10T21:48:48.353000", db: "NVD", id: "CVE-2019-0316", }, { date: "2020-02-12T00:00:00", db: "CNNVD", id: "CNNVD-201906-497", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-497", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SAP NetWeaver Process Integration Vulnerable to cross-site scripting", sources: [ { db: "JVNDB", id: "JVNDB-2019-005568", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201906-497", }, ], trust: 0.6, }, }
cve-2022-41272
Vulnerability from cvelistv5
Published
2022-12-13 03:05
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP | NetWeaver Process Integration |
Version: 7.50 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:43.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/3273480", }, { tags: [ "x_transferred", ], url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetWeaver Process Integration", vendor: "SAP", versions: [ { status: "affected", version: "7.50", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: white;\">An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.</span><br>", }, ], value: "An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T03:05:13.650Z", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { url: "https://launchpad.support.sap.com/#/notes/3273480", }, { url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2022-41272", datePublished: "2022-12-13T03:05:13.650Z", dateReserved: "2022-09-21T16:20:14.951Z", dateUpdated: "2024-08-03T12:42:43.986Z", requesterUserId: "048f1e0a-8756-40de-bd1f-51292c7183c7", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41271
Vulnerability from cvelistv5
Published
2022-12-13 02:59
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:
* Read any information
* Modify sensitive information
* Denial of Service attacks (DoS)
* SQL Injection
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP | NetWeaver Process Integration |
Version: 7.50 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:43.981Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/3267780", }, { tags: [ "x_transferred", ], url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetWeaver Process Integration", vendor: "SAP", versions: [ { status: "affected", version: "7.50", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><table><tbody><tr><td><p>An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:</p><ul><li>Read any information</li><li>Modify sensitive information</li><li>Denial of Service attacks (DoS)</li><li>SQL Injection</li></ul></td></tr></tbody></table></div>", }, ], value: "An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:\n\n * Read any information\n * Modify sensitive information\n * Denial of Service attacks (DoS)\n * SQL Injection\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T02:59:05.757Z", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { url: "https://launchpad.support.sap.com/#/notes/3267780", }, { url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2022-41271", datePublished: "2022-12-13T02:59:05.757Z", dateReserved: "2022-09-21T16:20:14.950Z", dateUpdated: "2024-08-03T12:42:43.981Z", requesterUserId: "048f1e0a-8756-40de-bd1f-51292c7183c7", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }