cvelistv5 - cve-2011-4707

CVE-2011-4707 (GCVE-0-2011-4707)

Vulnerability from cvelistv5 – Published: 2011-12-08 19:00 – Updated: 2024-08-07 00:16

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-H6M8-6J3F-JM22

Vulnerability from github – Published: 2022-05-14 01:51 – Updated: 2025-04-11 03:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-08T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
  "id": "GHSA-h6m8-6j3f-jm22",
  "modified": "2025-04-11T03:53:18Z",
  "published": "2022-05-14T01:51:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4707"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss"
    },
    {
      "type": "WEB",
      "url": "https://service.sap.com/sap/support/notes/1546307"
    },
    {
      "type": "WEB",
      "url": "http://dsecrg.com/pages/vul/show.php?id=336"
    },
    {
      "type": "WEB",
      "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201112-0297

Vulnerability from variot - Updated: 2024-07-23 22:41

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0297",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 5.9,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.0*"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.0*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.10*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.30*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.02*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.01*"
      },
      {
        "model": "netweaver",
        "scope": null,
        "trust": 1.4,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)",
    "sources": [
      {
        "db": "BID",
        "id": "50680"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4707",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-4707",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4707",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-122",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4707",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user\u0027s browser when viewed maliciously. When using transaction \\\"sa38\\\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \\\"File Name\\\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \\\"\u003cSTRING\u003e\\\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability,  an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      }
    ],
    "trust": 7.02
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "50680",
        "trust": 4.6
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707",
        "trust": 4.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20111117 [DSECRG-11-036] SAP NETWAVER VIRUS SCAN INTERFACE - MULTIPLE XSS",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "3B9467EC-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3D199B1E-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3E98D306-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3A022216-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "40204C22-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "4119FC7C-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "4247BD6E-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "id": "VAR-201112-0297",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ],
    "trust": 6.093194613333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 5.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:41:20.004000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Acknowledgments to Security Researchers - 1546307",
        "trust": 0.8,
        "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5913"
      },
      {
        "title": "Patch for SAP NetWeaver Feature Access Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5922"
      },
      {
        "title": "Patch for SAP NetWeaver Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5912"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5909"
      },
      {
        "title": "Patch for SAP NetWeaver Path Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5911"
      },
      {
        "title": "Patch for SAP NetWeaver \u0027page\u0027 parameter cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5910"
      },
      {
        "title": "SAP Netweaver Script Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5908"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336"
      },
      {
        "trust": 1.7,
        "url": "https://service.sap.com/sap/support/notes/1546307"
      },
      {
        "trust": 1.7,
        "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=341"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=335"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4707"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4707"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/520554/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://erpscan.com/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/platform/netweaver/index.epx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/50680"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "date": "2011-12-08T19:55:03.720000",
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "date": "2013-02-14T12:21:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "date": "2018-12-10T19:29:00.420000",
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting",
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 1.4
  }
}

GSD-2011-4707

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-4707

Aliases

CVE-2011-4707

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4707",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
    "id": "GSD-2011-4707"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4707"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
      "id": "GSD-2011-4707",
      "modified": "2023-12-13T01:19:05.431704Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-4707",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
          },
          {
            "name": "http://dsecrg.com/pages/vul/show.php?id=336",
            "refsource": "MISC",
            "url": "http://dsecrg.com/pages/vul/show.php?id=336"
          },
          {
            "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
            "refsource": "CONFIRM",
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
          },
          {
            "name": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/",
            "refsource": "MISC",
            "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
          },
          {
            "name": "https://service.sap.com/sap/support/notes/1546307",
            "refsource": "CONFIRM",
            "url": "https://service.sap.com/sap/support/notes/1546307"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4707"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://service.sap.com/sap/support/notes/1546307",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://service.sap.com/sap/support/notes/1546307"
            },
            {
              "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
            },
            {
              "name": "http://dsecrg.com/pages/vul/show.php?id=336",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dsecrg.com/pages/vul/show.php?id=336"
            },
            {
              "name": "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
            },
            {
              "name": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-12-10T19:29Z",
      "publishedDate": "2011-12-08T19:55Z"
    }
  }
}

FKIE_CVE-2011-4707

Vulnerability from fkie_nvd - Published: 2011-12-08 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://dsecrg.com/pages/vul/show.php?id=336
	cve@mitre.org	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
	cve@mitre.org	http://www.securityfocus.com/archive/1/520554/100/0/threaded
	cve@mitre.org	https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/
	cve@mitre.org	https://service.sap.com/sap/support/notes/1546307
	af854a3a-2127-422b-91ae-364da2661108	http://dsecrg.com/pages/vul/show.php?id=336
	af854a3a-2127-422b-91ae-364da2661108	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/520554/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/
	af854a3a-2127-422b-91ae-364da2661108	https://service.sap.com/sap/support/notes/1546307

Impacted products

	Vendor	Product	Version
	sap	netweaver	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5007E3B7-3C36-4256-9E01-51C6F52FD0FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en el Virus Scan Interface en SAP Netweaver, permite a usuarios remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) instname en el servlet VsiTestScan y (2) name en el servlet VsiTestServlet."
    }
  ],
  "id": "CVE-2011-4707",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-12-08T19:55:03.720",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dsecrg.com/pages/vul/show.php?id=336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://service.sap.com/sap/support/notes/1546307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dsecrg.com/pages/vul/show.php?id=336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://service.sap.com/sap/support/notes/1546307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-4707 (GCVE-0-2011-4707)

GHSA-H6M8-6J3F-JM22

VAR-201112-0297

GSD-2011-4707

FKIE_CVE-2011-4707

Tags

Sightings

Nomenclature