cvelistv5 - cve-2015-7239

cve-2015-7239

Vulnerability from cvelistv5

Published

2015-09-18 14:00

Modified

2024-08-06 07:43

Severity ?

Summary

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	cve@mitre.org	http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
	cve@mitre.org	http://seclists.org/fulldisclosure/2015/Dec/66
	cve@mitre.org	http://www.securityfocus.com/archive/1/537109/100/0/threaded
	cve@mitre.org	https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Dec/66
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/537109/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
          },
          {
            "name": "20151214 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
          },
          {
            "name": "20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-10T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
        },
        {
          "name": "20151214 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
        },
        {
          "name": "20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/",
              "refsource": "MISC",
              "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
            },
            {
              "name": "20151214 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
            },
            {
              "name": "20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
            },
            {
              "name": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7239",
    "datePublished": "2015-09-18T14:00:00",
    "dateReserved": "2015-09-18T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_j2ee_engine:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7B7BCDF-DC9F-4E84-B724-6985290AF8D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en el m\\u00f3dulo de la funci\\u00f3n BP_FIND_JOBS_WITH_PROGRAM en SAP NetWeaver J2EE Engine 7.40, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-7239",
      "lastModified": "2024-11-21T02:36:24.867",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-09-18T14:59:05.050",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Dec/66\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/537109/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Dec/66\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/537109/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7239\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-09-18T14:59:05.050\",\"lastModified\":\"2024-11-21T02:36:24.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo de la funci\u00f3n BP_FIND_JOBS_WITH_PROGRAM en SAP NetWeaver J2EE Engine 7.40, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_j2ee_engine:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7B7BCDF-DC9F-4E84-B724-6985290AF8D2\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/66\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/537109/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/66\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/537109/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-qg7j-qf5m-qc2g

Vulnerability from github

Published

2022-05-14 01:51

Modified

2022-05-14 01:51

Details

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-18T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
  "id": "GHSA-qg7j-qf5m-qc2g",
  "modified": "2022-05-14T01:51:03Z",
  "published": "2022-05-14T01:51:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7239"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2015-7239

Vulnerability from fkie_nvd

Published

2015-09-18 14:59

Modified

2024-11-21 02:36

Severity ?

Summary

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	cve@mitre.org	http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
	cve@mitre.org	http://seclists.org/fulldisclosure/2015/Dec/66
	cve@mitre.org	http://www.securityfocus.com/archive/1/537109/100/0/threaded
	cve@mitre.org	https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Dec/66
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/537109/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/

Impacted products

	Vendor	Product	Version
	sap	netweaver_j2ee_engine	7.40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_j2ee_engine:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B7BCDF-DC9F-4E84-B724-6985290AF8D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo de la funci\u00f3n BP_FIND_JOBS_WITH_PROGRAM en SAP NetWeaver J2EE Engine 7.40, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7239",
  "lastModified": "2024-11-21T02:36:24.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-18T14:59:05.050",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. SAP NetWeaver is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP NetWeaver 7.40 is vulnerable; other versions may also be affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver j2ee engine",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.40"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "79344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_j2ee_engine:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vahagn Vardanyan (ERPScan)",
    "sources": [
      {
        "db": "BID",
        "id": "79344"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7239",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7239",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7239",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201509-373",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. SAP NetWeaver is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nSAP NetWeaver 7.40 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "BID",
        "id": "79344"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7239",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "134801",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "79344",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "79344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "id": "VAR-201509-0262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T13:14:36.343000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Note 2193389",
        "trust": 0.8,
        "url": "http://scn.sap.com/docs/doc-55451"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://erpscan.com/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injecti/"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/134801/sap-netweaver-j2ee-engine-7.40-sql-injection.html"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2015/dec/66"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7239"
      },
      {
        "trust": 0.6,
        "url": "http://erpscan.com/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
      },
      {
        "trust": 0.3,
        "url": "https://help.sap.com/nw_platform"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "79344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "79344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-09T00:00:00",
        "db": "BID",
        "id": "79344"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "date": "2015-09-18T14:59:05.050000",
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "date": "2015-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-09T00:00:00",
        "db": "BID",
        "id": "79344"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      },
      {
        "date": "2018-12-10T19:29:12.313000",
        "db": "NVD",
        "id": "CVE-2015-7239"
      },
      {
        "date": "2015-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver J2EE Engine of  BP_FIND_JOBS_WITH_PROGRAM In the module  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004934"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-373"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-7239

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Aliases

CVE-2015-7239

Aliases

CVE-2015-7239

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7239",
    "description": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
    "id": "GSD-2015-7239",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-7239"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7239"
      ],
      "details": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
      "id": "GSD-2015-7239",
      "modified": "2023-12-13T01:20:01.674118Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7239",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/",
            "refsource": "MISC",
            "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
          },
          {
            "name": "20151214 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
          },
          {
            "name": "20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
          },
          {
            "name": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_j2ee_engine:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7239"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
            },
            {
              "name": "20151216 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2015/Dec/66"
            },
            {
              "name": "20151214 [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/537109/100/0/threaded"
            },
            {
              "name": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-12-10T19:29Z",
      "publishedDate": "2015-09-18T14:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-7239

Vulnerability from cvelistv5

ghsa-qg7j-qf5m-qc2g

Vulnerability from github

fkie_cve-2015-7239

Vulnerability from fkie_nvd

var-201509-0262

Vulnerability from variot

gsd-2015-7239

Vulnerability from gsd

Tags

Sightings

Nomenclature