cvelistv5 - cve-2011-4707

Source	URL	Tags
cve@mitre.org	http://dsecrg.com/pages/vul/show.php?id=336
cve@mitre.org	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
cve@mitre.org	http://www.securityfocus.com/archive/1/520554/100/0/threaded
cve@mitre.org	https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/
cve@mitre.org	https://service.sap.com/sap/support/notes/1546307

Vendor	Product
n/a	n/a

ghsa-h6m8-6j3f-jm22

Vulnerability from github

Published

2022-05-14 01:51

Modified

2022-05-14 01:51

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-08T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
  "id": "GHSA-h6m8-6j3f-jm22",
  "modified": "2022-05-14T01:51:34Z",
  "published": "2022-05-14T01:51:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4707"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss"
    },
    {
      "type": "WEB",
      "url": "https://service.sap.com/sap/support/notes/1546307"
    },
    {
      "type": "WEB",
      "url": "http://dsecrg.com/pages/vul/show.php?id=336"
    },
    {
      "type": "WEB",
      "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201112-0297

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0297",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 5.9,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.0*"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.0*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.10*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.30*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.02*"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "sap",
        "version": "7.01*"
      },
      {
        "model": "netweaver",
        "scope": null,
        "trust": 1.4,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)",
    "sources": [
      {
        "db": "BID",
        "id": "50680"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4707",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-4707",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4707",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-122",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-4707",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user\u0027s browser when viewed maliciously. When using transaction \\\"sa38\\\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \\\"File Name\\\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \\\"\u003cSTRING\u003e\\\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability,  an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      }
    ],
    "trust": 7.02
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "50680",
        "trust": 4.6
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707",
        "trust": 4.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20111117 [DSECRG-11-036] SAP NETWAVER VIRUS SCAN INTERFACE - MULTIPLE XSS",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "3B9467EC-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3D199B1E-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3E98D306-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "3A022216-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "40204C22-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "4119FC7C-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "4247BD6E-1F7F-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "id": "VAR-201112-0297",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ],
    "trust": 6.093194613333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 5.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:41:20.004000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Acknowledgments to Security Researchers - 1546307",
        "trust": 0.8,
        "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5913"
      },
      {
        "title": "Patch for SAP NetWeaver Feature Access Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5922"
      },
      {
        "title": "Patch for SAP NetWeaver Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5912"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5909"
      },
      {
        "title": "Patch for SAP NetWeaver Path Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5911"
      },
      {
        "title": "Patch for SAP NetWeaver \u0027page\u0027 parameter cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5910"
      },
      {
        "title": "SAP Netweaver Script Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5908"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336"
      },
      {
        "trust": 1.7,
        "url": "https://service.sap.com/sap/support/notes/1546307"
      },
      {
        "trust": 1.7,
        "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=341"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=335"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4707"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4707"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/520554/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://erpscan.com/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/platform/netweaver/index.epx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/50680"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "date": "2011-12-08T19:55:03.720000",
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-4707"
      },
      {
        "date": "2013-02-14T12:21:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2011-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003325"
      },
      {
        "date": "2011-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      },
      {
        "date": "2018-12-10T19:29:00.420000",
        "db": "NVD",
        "id": "CVE-2011-4707"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-122"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting",
    "sources": [
      {
        "db": "IVD",
        "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 1.4
  }
}

gsd-2011-4707

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.

Aliases

CVE-2011-4707

Aliases

CVE-2011-4707

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4707",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
    "id": "GSD-2011-4707"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4707"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.",
      "id": "GSD-2011-4707",
      "modified": "2023-12-13T01:19:05.431704Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-4707",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
          },
          {
            "name": "http://dsecrg.com/pages/vul/show.php?id=336",
            "refsource": "MISC",
            "url": "http://dsecrg.com/pages/vul/show.php?id=336"
          },
          {
            "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
            "refsource": "CONFIRM",
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
          },
          {
            "name": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/",
            "refsource": "MISC",
            "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
          },
          {
            "name": "https://service.sap.com/sap/support/notes/1546307",
            "refsource": "CONFIRM",
            "url": "https://service.sap.com/sap/support/notes/1546307"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4707"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://service.sap.com/sap/support/notes/1546307",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://service.sap.com/sap/support/notes/1546307"
            },
            {
              "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
            },
            {
              "name": "http://dsecrg.com/pages/vul/show.php?id=336",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dsecrg.com/pages/vul/show.php?id=336"
            },
            {
              "name": "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
            },
            {
              "name": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-12-10T19:29Z",
      "publishedDate": "2011-12-08T19:55Z"
    }
  }
}

Action not permitted

cve-2011-4707

Vulnerability from cvelistv5

ghsa-h6m8-6j3f-jm22

Vulnerability from github

var-201112-0297

Vulnerability from variot

gsd-2011-4707

Vulnerability from gsd

Tags