Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for business_application_software_integrated_solution by sap
CVE-2019-0279 (GCVE-0-2019-0279)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:17 – Updated: 2024-08-04 17:44
VLAI
Summary
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
Severity
No CVSS data available.
CWE
- ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2753629 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.00 to 7.02"
},
{
"status": "affected",
"version": "\u003c from 7.10 to 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c from 7.50 to 7.53"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:17:27.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.00 to 7.02"
},
{
"version_name": "\u003c",
"version_value": "from 7.10 to 7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "from 7.50 to 7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2753629",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0279",
"datePublished": "2019-04-10T20:17:27.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2494 (GCVE-0-2018-2494)
Vulnerability from cvelistv5 – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
Severity
No CVSS data available.
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2698996 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP Basis (AS ABAP of SAP NetWeaver) |
Affected:
= 7.00 to 7.02
Affected: = 7.10 to 7.30 Affected: = 7.31 Affected: = 7.40 |
|
| SAP | SAP Basis (ABAP Platform) |
Affected:
= 7.50 to 7.53
|
Date Public
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Basis (AS ABAP of SAP NetWeaver)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.00 to 7.02"
},
{
"status": "affected",
"version": "= 7.10 to 7.30"
},
{
"status": "affected",
"version": "= 7.31"
},
{
"status": "affected",
"version": "= 7.40"
}
]
},
{
"product": "SAP Basis (ABAP Platform)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.50 to 7.53"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-11T22:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Basis (AS ABAP of SAP NetWeaver)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.00 to 7.02"
},
{
"version_name": "=",
"version_value": "7.10 to 7.30"
},
{
"version_name": "=",
"version_value": "7.31"
},
{
"version_name": "=",
"version_value": "7.40"
}
]
}
},
{
"product_name": "SAP Basis (ABAP Platform)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.50 to 7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2698996",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2494",
"datePublished": "2018-12-11T23:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:34.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2367 (GCVE-0-2018-2367)
Vulnerability from cvelistv5 – Published: 2018-03-01 17:00 – Updated: 2024-08-05 04:14
VLAI
Summary
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103006 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2562089 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP BASIS (ABAP File Interface) |
Affected:
from 7.00 to 7.02
Affected: from 7.10 to 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: from 7.50 to 7.52 |
Date Public
2018-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS (ABAP File Interface)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02"
},
{
"status": "affected",
"version": "from 7.10 to 7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "from 7.50 to 7.52"
}
]
}
],
"datePublic": "2018-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS (ABAP File Interface)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 7.00 to 7.02"
},
{
"version_affected": "=",
"version_value": "from 7.10 to 7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103006"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2562089",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2367",
"datePublished": "2018-03-01T17:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2363 (GCVE-0-2018-2363)
Vulnerability from cvelistv5 – Published: 2018-01-09 15:00 – Updated: 2024-08-05 04:14
VLAI
Summary
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2018/01/09/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/1906212 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102449 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2525392 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver |
Affected:
7.00
Affected: 7.02 Affected: 7.10 Affected: 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: 7.50 Affected: 7.52 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.00"
},
{
"status": "affected",
"version": "7.02"
},
{
"status": "affected",
"version": "7.10"
},
{
"status": "affected",
"version": "7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "7.50"
},
{
"status": "affected",
"version": "7.52"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.00"
},
{
"version_affected": "=",
"version_value": "7.02"
},
{
"version_affected": "=",
"version_value": "7.10"
},
{
"version_affected": "=",
"version_value": "7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "7.50"
},
{
"version_affected": "=",
"version_value": "7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/1906212",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102449"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2525392",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2363",
"datePublished": "2018-01-09T15:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16682 (GCVE-0-2017-16682)
Vulnerability from cvelistv5 – Published: 2017-12-12 14:00 – Updated: 2024-09-16 22:39
VLAI
Summary
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102143 | vdb-entryx_refsource_BID |
| https://blogs.sap.com/2017/12/12/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2526781 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP NetWeaver Internet Transaction Server (ITS) |
Affected:
from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52
|
Date Public
2017-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Internet Transaction Server (ITS)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
}
]
}
],
"datePublic": "2017-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "102143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
"version": {
"version_data": [
{
"version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102143"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2526781",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16682",
"datePublished": "2017-12-12T14:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:39:53.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16691 (GCVE-0-2017-16691)
Vulnerability from cvelistv5 – Published: 2017-12-12 14:00 – Updated: 2024-09-17 00:31
VLAI
Summary
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
Severity
No CVSS data available.
CWE
- Digital signature verification along with note file extraction
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2017/12/12/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2546220 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101822 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP Note Assistant |
Affected:
SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52
|
Date Public
2017-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Note Assistant",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52"
}
]
}
],
"datePublic": "2017-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type \u0027SAR\u0027. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Digital signature verification along with note file extraction",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-25T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Note Assistant",
"version": {
"version_data": [
{
"version_value": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type \u0027SAR\u0027. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Digital signature verification along with note file extraction"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2546220",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16691",
"datePublished": "2017-12-12T14:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:20.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0279 (GCVE-0-2019-0279)
Vulnerability from nvd – Published: 2019-04-10 20:17 – Updated: 2024-08-04 17:44
VLAI
Summary
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
Severity
No CVSS data available.
CWE
- ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2753629 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.00 to 7.02"
},
{
"status": "affected",
"version": "\u003c from 7.10 to 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c from 7.50 to 7.53"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:17:27.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.00 to 7.02"
},
{
"version_name": "\u003c",
"version_value": "from 7.10 to 7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "from 7.50 to 7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2753629",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0279",
"datePublished": "2019-04-10T20:17:27.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2494 (GCVE-0-2018-2494)
Vulnerability from nvd – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
Severity
No CVSS data available.
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2698996 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP Basis (AS ABAP of SAP NetWeaver) |
Affected:
= 7.00 to 7.02
Affected: = 7.10 to 7.30 Affected: = 7.31 Affected: = 7.40 |
|
| SAP | SAP Basis (ABAP Platform) |
Affected:
= 7.50 to 7.53
|
Date Public
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Basis (AS ABAP of SAP NetWeaver)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.00 to 7.02"
},
{
"status": "affected",
"version": "= 7.10 to 7.30"
},
{
"status": "affected",
"version": "= 7.31"
},
{
"status": "affected",
"version": "= 7.40"
}
]
},
{
"product": "SAP Basis (ABAP Platform)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.50 to 7.53"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-11T22:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Basis (AS ABAP of SAP NetWeaver)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.00 to 7.02"
},
{
"version_name": "=",
"version_value": "7.10 to 7.30"
},
{
"version_name": "=",
"version_value": "7.31"
},
{
"version_name": "=",
"version_value": "7.40"
}
]
}
},
{
"product_name": "SAP Basis (ABAP Platform)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.50 to 7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2698996",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2698996"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2494",
"datePublished": "2018-12-11T23:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:34.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2367 (GCVE-0-2018-2367)
Vulnerability from nvd – Published: 2018-03-01 17:00 – Updated: 2024-08-05 04:14
VLAI
Summary
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103006 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2562089 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP BASIS (ABAP File Interface) |
Affected:
from 7.00 to 7.02
Affected: from 7.10 to 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: from 7.50 to 7.52 |
Date Public
2018-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS (ABAP File Interface)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02"
},
{
"status": "affected",
"version": "from 7.10 to 7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "from 7.50 to 7.52"
}
]
}
],
"datePublic": "2018-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS (ABAP File Interface)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 7.00 to 7.02"
},
{
"version_affected": "=",
"version_value": "from 7.10 to 7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103006"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2562089",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2367",
"datePublished": "2018-03-01T17:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2363 (GCVE-0-2018-2363)
Vulnerability from nvd – Published: 2018-01-09 15:00 – Updated: 2024-08-05 04:14
VLAI
Summary
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2018/01/09/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/1906212 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102449 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2525392 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver |
Affected:
7.00
Affected: 7.02 Affected: 7.10 Affected: 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: 7.50 Affected: 7.52 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.00"
},
{
"status": "affected",
"version": "7.02"
},
{
"status": "affected",
"version": "7.10"
},
{
"status": "affected",
"version": "7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "7.50"
},
{
"status": "affected",
"version": "7.52"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.00"
},
{
"version_affected": "=",
"version_value": "7.02"
},
{
"version_affected": "=",
"version_value": "7.10"
},
{
"version_affected": "=",
"version_value": "7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "7.50"
},
{
"version_affected": "=",
"version_value": "7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/1906212",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"name": "102449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102449"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2525392",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2363",
"datePublished": "2018-01-09T15:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16691 (GCVE-0-2017-16691)
Vulnerability from nvd – Published: 2017-12-12 14:00 – Updated: 2024-09-17 00:31
VLAI
Summary
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
Severity
No CVSS data available.
CWE
- Digital signature verification along with note file extraction
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.sap.com/2017/12/12/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2546220 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101822 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP Note Assistant |
Affected:
SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52
|
Date Public
2017-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Note Assistant",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52"
}
]
}
],
"datePublic": "2017-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type \u0027SAR\u0027. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Digital signature verification along with note file extraction",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-25T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Note Assistant",
"version": {
"version_data": [
{
"version_value": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type \u0027SAR\u0027. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Digital signature verification along with note file extraction"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2546220",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2546220"
},
{
"name": "101822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16691",
"datePublished": "2017-12-12T14:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:20.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16682 (GCVE-0-2017-16682)
Vulnerability from nvd – Published: 2017-12-12 14:00 – Updated: 2024-09-16 22:39
VLAI
Summary
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102143 | vdb-entryx_refsource_BID |
| https://blogs.sap.com/2017/12/12/sap-security-pat… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2526781 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP NetWeaver Internet Transaction Server (ITS) |
Affected:
from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52
|
Date Public
2017-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Internet Transaction Server (ITS)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
}
]
}
],
"datePublic": "2017-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "102143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
"version": {
"version_data": [
{
"version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102143"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2526781",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16682",
"datePublished": "2017-12-12T14:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:39:53.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}