VAR-200907-0583
Vulnerability from variot - Updated: 2022-05-17 01:41SAP NetWeaver is prone to an information-disclosure vulnerability because it fails to properly secure communication channels between clients and servers. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200907-0583",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "7.109"
},
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.108"
},
{
"model": "ag sapgui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver application server sp21",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.40104329.313"
},
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4029"
},
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.105"
},
{
"model": "netweaver application server sp17",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.40104329.313"
},
{
"model": "sapgui d for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "4.6"
},
{
"model": "netweaver portal sp21",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "2004"
},
{
"model": "netweaver application server sp17",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.40"
},
{
"model": "netweaver nw04s sp9",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver nw04 sp17",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "gui for windows patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.2072"
},
{
"model": "netweaver portal",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "2004.."
},
{
"model": "netweaver nw04 sp15",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver sp15",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
},
{
"model": "sapgui final release patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6406403.3.11.1004"
},
{
"model": "gui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.10"
},
{
"model": "gui for windows patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.006"
},
{
"model": "netweaver nw04s sp10",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver sp20",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "640"
},
{
"model": "netweaver nw04s sp8",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver nw04s sp11",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "sapgui c for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "4.6"
},
{
"model": "ag sapgui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4"
},
{
"model": "gui for windows patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4030"
},
{
"model": "netweaver developer studio sp21",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "2004"
},
{
"model": "netweaver nw04s sp7",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "gui pl",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.10"
},
{
"model": "netweaver nw04 sp19",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver nw04 sp18",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
},
{
"model": "gui patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4029"
},
{
"model": "sapgui b for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "4.6"
},
{
"model": "netweaver nw04 sp16",
"scope": null,
"trust": 0.3,
"vendor": "sap",
"version": null
},
{
"model": "netweaver portal sp17",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "2004"
},
{
"model": "sapgui for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "4.6"
},
{
"model": "sapgui a for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "4.6"
},
{
"model": "netweaver developer studio sp17",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "-2004"
}
],
"sources": [
{
"db": "BID",
"id": "35729"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andreas Baus and Rene Ledosquet from Secaron AG",
"sources": [
{
"db": "BID",
"id": "35729"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver is prone to an information-disclosure vulnerability because it fails to properly secure communication channels between clients and servers.\nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks.",
"sources": [
{
"db": "BID",
"id": "35729"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "35729",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "35729"
}
]
},
"id": "VAR-200907-0583",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37810928875
},
"last_update_date": "2022-05-17T01:41:46.141000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.secaron.de/content/presse/fachartikel/sniffing_diag.pdf"
},
{
"trust": 0.3,
"url": "http://www.sap.com/platform/netweaver/index.epx"
}
],
"sources": [
{
"db": "BID",
"id": "35729"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "35729"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-17T00:00:00",
"db": "BID",
"id": "35729"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-17T21:16:00",
"db": "BID",
"id": "35729"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "35729"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver Password Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "35729"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "35729"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…