All the vulnerabilites related to sap - netweaver_java_application_server
cve-2015-4158
Vulnerability from cvelistv5
Published
2015-06-02 14:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74799 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2015/May/96 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74799"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP ABAP \u0026 Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74799"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ABAP \u0026 Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74799"
},
{
"name": "20150522 SAP Security Notes May 2015",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/96"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4158",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-06-02T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2282
Vulnerability from cvelistv5
Published
2015-06-02 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/May/50 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/74643 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535535/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/May/96 | mailing-list, x_refsource_FULLDISC | |
| http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74643"
},
{
"name": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"name": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2282",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-03-10T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2278
Vulnerability from cvelistv5
Published
2015-06-02 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/May/50 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/74643 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535535/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/May/96 | mailing-list, x_refsource_FULLDISC | |
| http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"name": "74643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74643"
},
{
"name": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"name": "20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"name": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2278",
"datePublished": "2015-06-02T14:00:00",
"dateReserved": "2015-03-10T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3133
Vulnerability from cvelistv5
Published
2014-04-30 14:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/301 | mailing-list, x_refsource_FULLDISC | |
| http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/67104 | vdb-entry, x_refsource_BID | |
| http://scn.sap.com/docs/DOC-8218 | x_refsource_CONFIRM | |
| https://service.sap.com/sap/support/notes/1922547 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/301"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"
},
{
"name": "67104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/1922547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-05T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/301"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"
},
{
"name": "67104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.sap.com/sap/support/notes/1922547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/301"
},
{
"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008",
"refsource": "MISC",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"
},
{
"name": "67104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67104"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "https://service.sap.com/sap/support/notes/1922547",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1922547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3133",
"datePublished": "2014-04-30T14:00:00",
"dateReserved": "2014-04-30T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8590
Vulnerability from cvelistv5
Published
2014-11-04 15:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98581 | vdb-entry, x_refsource_XF | |
| https://service.sap.com/sap/support/notes/2045176 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/71023 | vdb-entry, x_refsource_BID | |
| https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/ | x_refsource_MISC | |
| https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/ | x_refsource_MISC | |
| http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:00.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sap-netweaver-cve20148590-info-disc(98581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/2045176"
},
{
"name": "71023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71023"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sap-netweaver-cve20148590-info-disc(98581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.sap.com/sap/support/notes/2045176"
},
{
"name": "71023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71023"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-netweaver-cve20148590-info-disc(98581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"name": "https://service.sap.com/sap/support/notes/2045176",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/2045176"
},
{
"name": "71023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71023"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8590",
"datePublished": "2014-11-04T15:00:00",
"dateReserved": "2014-11-04T00:00:00",
"dateUpdated": "2024-08-06T13:26:00.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-11-04 15:55
Modified
2024-11-21 02:19
Severity ?
Summary
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_java_application_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC67018-106D-4103-83FB-FEC80496F14D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad de entidad externa XML (XXE) en Web Service Navigator en SAP NetWeaver Application Server (AS) Java permite a atacantes remotos acceder a ficheros arbitrarios a trav\u00e9s de una solicitud manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2014-8590",
"lastModified": "2024-11-21T02:19:23.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-04T15:55:07.730",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71023"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"source": "cve@mitre.org",
"url": "https://service.sap.com/sap/support/notes/2045176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.sap.com/sap/support/notes/2045176"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-02 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap_application_server | - | |
| sap | netweaver_java_application_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A55F8F2-A31D-4C57-A664-0B1DBD1F17A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC67018-106D-4103-83FB-FEC80496F14D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP ABAP \u0026 Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661."
},
{
"lang": "es",
"value": "SAP ABAP \u0026 Java Server permite a atacantes remotos causar una denegaci\u00f3n de servicio (terminaci\u00f3n de servicio) a trav\u00e9s de vectores no especificado, tambi\u00e9n conocido como la nota de seguridad de SAP 2121661."
}
],
"id": "CVE-2015-4158",
"lastModified": "2024-11-21T02:30:32.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-02T14:59:18.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74799"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-30 14:22
Modified
2024-11-21 02:07
Severity ?
Summary
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_java_application_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC67018-106D-4103-83FB-FEC80496F14D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection."
},
{
"lang": "es",
"value": "SAP Netweaver Java Application Server no restringe debidamente acceso, lo que permite a atacantes remotos obtener la lista de sistemas SAP registrados en un SLD a trav\u00e9s de un webdynpro no especificado, relacionado con SystemSelection."
}
],
"id": "CVE-2014-3133",
"lastModified": "2024-11-21T02:07:30.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-30T14:22:07.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Apr/301"
},
{
"source": "cve@mitre.org",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67104"
},
{
"source": "cve@mitre.org",
"url": "https://service.sap.com/sap/support/notes/1922547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Apr/301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.sap.com/sap/support/notes/1922547"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-02 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui | - | |
| sap | maxdb | 7.5 | |
| sap | maxdb | 7.6 | |
| sap | netweaver_abap_application_server | - | |
| sap | netweaver_java_application_server | - | |
| sap | netweaver_rfc_sdk | - | |
| sap | rfc_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399383D3-01CC-48FF-943F-F7F0EF54ECFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:maxdb:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA8EB08-6866-4FDF-A552-C290A54E9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:maxdb:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF72173-A7B4-44DD-A842-BA29D6AF6E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A55F8F2-A31D-4C57-A664-0B1DBD1F17A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC67018-106D-4103-83FB-FEC80496F14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_rfc_sdk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A37353F-8BC1-4B72-B452-E19308C9740B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:rfc_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FE182C-229B-461B-8139-D39E005034A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
},
{
"lang": "es",
"value": "La implementaci\u00f3n LZH decompression (la funci\u00f3n CsObjectInt::BuildHufTree en vpa108csulzh.cpp) en SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, la herramienta de archivos SAPCAR, y otros productos permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de vectores no especificados, relacionado con b\u00fasquedas de c\u00f3digos no simples, tambi\u00e9n conocido como las notas de seguridad de SAP 2124806, 2121661, 2127995, y 2125316."
}
],
"id": "CVE-2015-2278",
"lastModified": "2024-11-21T02:27:08.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-02T14:59:07.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74643"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-02 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui | - | |
| sap | maxdb | 7.5 | |
| sap | maxdb | 7.6 | |
| sap | netweaver_abap_application_server | - | |
| sap | netweaver_java_application_server | - | |
| sap | netweaver_rfc_sdk | - | |
| sap | rfc_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "399383D3-01CC-48FF-943F-F7F0EF54ECFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:maxdb:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA8EB08-6866-4FDF-A552-C290A54E9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:maxdb:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF72173-A7B4-44DD-A842-BA29D6AF6E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A55F8F2-A31D-4C57-A664-0B1DBD1F17A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC67018-106D-4103-83FB-FEC80496F14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_rfc_sdk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A37353F-8BC1-4B72-B452-E19308C9740B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:rfc_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FE182C-229B-461B-8139-D39E005034A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en la implementaci\u00f3n LZC decompression (la funci\u00f3n CsObjectInt::CsDecomprLZC en vpa106cslzc.cpp) en SAP MaxDB 7.5 y 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, la herramienta de archivos SAPCAR, y otros productos permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como las notas de seguridad de 2124806, 2121661, 2127995, y 2125316."
}
],
"id": "CVE-2015-2282",
"lastModified": "2024-11-21T02:27:08.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-02T14:59:08.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535535/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74643"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}