var-201302-0416
Vulnerability from variot
SAP NetWeaver does not properly restrict access to GRMGApp, which allows an attacker to send administrative commands to the gateway or message server. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. A second, separate vulnerability also affects GRMGApp: an unspecified error when it parses external XML entities allows an attacker to read the contents of local files. The two issues are distinct (an access-restriction failure and an XML external entity parsing flaw). This entry lists two CNVD records, CNVD-2013-01257 and CNVD-2013-01259, and two separate patches, so remediation should be verified for both when assessing an affected system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201302-0416", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netweaver", "scope": "eq", "trust": 1.6, "vendor": "sap", "version": "7.x" } ], "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" 
}, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "ccc04506-1f34-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" } ], "cvssV3": [], "severity": [ { "author": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "There is a security vulnerability in SAP NetWeaver, and the application does not properly restrict access to GRMGApp, allowing an attacker to exploit the vulnerability to send administrative commands to the gateway or message server. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a security vulnerability in SAP NetWeaver. There is an unspecified error in GRMGApp when parsing external XML entities, allowing an attacker to exploit the vulnerability to read local file content", "sources": [ { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" }, { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SECUNIA", "id": "52272", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2013-01257", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2013-01259", "trust": 0.8 }, { "db": "IVD", "id": "CF3DB9E4-1F34-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "CCC04506-1F34-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "id": "VAR-201302-0416", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": 
"ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ], "trust": 1.8691792200000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.6 } ], "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "last_update_date": "2022-05-17T01:43:25.801000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SAP NetWeaver GRMGApp security bypass vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/32164" }, { "title": "Patch for SAP NetWeaver GRMGApp XML File Parsing Error Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/32165" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.2, "url": "http://secunia.com/advisories/52272/http" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": 
"ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" }, { "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-02-25T00:00:00", "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "date": "2013-02-25T00:00:00", "db": "IVD", "id": "ccc04506-1f34-11e6-abef-000c29c66e3d" }, { "date": "2013-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-01257" }, { "date": "2013-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-01257" }, { "date": "2013-05-24T00:00:00", "db": "CNVD", "id": "CNVD-2013-01259" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAP NetWeaver GRMGApp Security Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01257" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access verification error", "sources": [ { "db": "IVD", "id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d" } ], "trust": 0.2 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.