var-201302-0013
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. The SPML service is exposed to cross-site request forgery attacks, which run in the context of a logged-in administrator user and can perform arbitrary operations, such as creating arbitrary users. The CTC service has an error in some of its verification checks that can be used to access user management and OS command execution functions. TH_GREP has an error when processing a partial SOAP request, so that arbitrary shell commands can be injected through the "&lt;STRING&gt;" parameter. The "instname" parameter passed to the VsiTestScan servlet in the virus scanning interface and the "name" parameter passed to the VsiTestServlet servlet are not filtered before being returned to the user, which can lead to cross-site scripting attacks. When transaction "sa38" is used, RSTXSCRP has an error that can be exploited to inject an arbitrary UNC path through the "File Name" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Input passed to the BAPI Explorer through certain transactions is not filtered before use and can be exploited to inject arbitrary HTML and script code, which executes in the target user's browser when the malicious content is viewed. SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an HTML-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions. Note that this text merges several advisories (NVD, JVNDB, CNVD and BID); the CVSS v2 base score of 4.3 and the CWE-79 classification recorded below are attributed to CVE-2011-5260, which appears to be the SAP/BW/DOC/METADATA XSS issue only, so they should not be read as the severity of the command-injection, CSRF or authentication-bypass issues described alongside it.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201302-0013",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 6.9,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 4.5,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "sap",
        "version": "4.0"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "sap",
        "version": "6.4"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.0 ehp1"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.0 ehp2"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.0 sp15"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.0 sp8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)",
    "sources": [
      {
        "db": "BID",
        "id": "50680"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-5260",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-5260",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-5260",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201302-162",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"\u003cSTRING\u003e\" parameter. The \"instname\" parameter passed to the VsiTestScan servlet in the virus scanning interface and the input of the \"name\" parameter in the VsiTestServlet servlet are missing filtering before returning to the user, which can lead to cross-site scripting attacks. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user\u0027s browser when viewed maliciously. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "50680",
        "trust": 4.5
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20111117 [DSECRG-11-037] SAP BW DOC - MULTIPLE XSS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "id": "VAR-201302-0013",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ],
    "trust": 4.6931946133333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 4.2
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:21:49.292000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Archive for Acknowledgments to Security Researchers",
        "trust": 0.8,
        "url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5913"
      },
      {
        "title": "Patch for SAP NetWeaver Feature Access Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5922"
      },
      {
        "title": "Patch for SAP NetWeaver Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5912"
      },
      {
        "title": "Patch for SAP NetWeaver Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5909"
      },
      {
        "title": "Patch for SAP NetWeaver Path Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5911"
      },
      {
        "title": "Patch for SAP NetWeaver \u0027page\u0027 parameter cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5910"
      },
      {
        "title": "SAP Netweaver Script Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5908"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337"
      },
      {
        "trust": 1.6,
        "url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/520555/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=341"
      },
      {
        "trust": 0.9,
        "url": "http://dsecrg.com/pages/vul/show.php?id=335"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5260"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5260"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338http"
      },
      {
        "trust": 0.6,
        "url": "http://dsecrg.com/pages/vul/show.php?id=337http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/520555/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://erpscan.com/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=336"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=339"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=340"
      },
      {
        "trust": 0.3,
        "url": "http://dsecrg.com/pages/vul/show.php?id=338"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/platform/netweaver/index.epx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "db": "BID",
        "id": "50680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2013-02-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "date": "2013-02-12T20:55:03.653000",
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "date": "2013-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4916"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4917"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4915"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4914"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4913"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4911"
      },
      {
        "date": "2013-02-14T12:21:00",
        "db": "BID",
        "id": "50680"
      },
      {
        "date": "2013-02-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-001560"
      },
      {
        "date": "2018-12-10T19:29:00.717000",
        "db": "NVD",
        "id": "CVE-2011-5260"
      },
      {
        "date": "2013-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-162"
      }
    ],
    "trust": 0.6
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.