var-201402-0239
Vulnerability from variot
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "7.20"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "7.x"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Polyakov, George Nosenko and Dmitry Chastukhin",
"sources": [
{
"db": "BID",
"id": "65547"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-1963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01007",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1963",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01007",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-206",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including:\n1. An information-disclosure vulnerability\n2. Multiple cross-site scripting vulnerabilities\n3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1963",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "56947",
"trust": 1.6
},
{
"db": "BID",
"id": "65547",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-01007",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"id": "VAR-201402-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
}
],
"trust": 0.87111164
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
}
]
},
"last_update_date": "2023-12-18T13:39:58.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 1773912",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"title": "SAP NetWeaver has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/"
},
{
"trust": 1.6,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/56947"
},
{
"trust": 1.6,
"url": "https://service.sap.com/sap/support/notes/1773912"
},
{
"trust": 1.0,
"url": "https://erpscan.io/advisories/erpscan-14-001-sap-netweaver-message-server-dos/"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91097"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1963"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1963"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"date": "2014-02-01T00:00:00",
"db": "BID",
"id": "65547"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"date": "2014-02-14T15:55:07.533000",
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"date": "2014-02-01T00:00:00",
"db": "BID",
"id": "65547"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001413"
},
{
"date": "2018-12-10T19:29:03.810000",
"db": "NVD",
"id": "CVE-2014-1963"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver of Message Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "65547"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.