var-201402-0241
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 2, the message server has an unspecified error, allowing the attacker to exploit the vulnerability to crash the server. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.10"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.02"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.0"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.11"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "3.0"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.01"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "for sap exchange infrastructure (bc-xi) 3.0"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "for sap exchange infrastructure (bc-xi) 7.00 to 7.02"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "for sap exchange infrastructure (bc-xi) 7.10 to 7.11"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "7.x"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1965"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Polyakov, George Nosenko and Dmitry Chastukhin",
"sources": [
{
"db": "BID",
"id": "65547"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-1965",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01007",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1965",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01007",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-208",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. Portal handles the vulnerability of WebDyn Pro and can leak path information. 2, the message server has an unspecified error, allowing the attacker to exploit the vulnerability to crash the server. 3. The relevant DIR error input lacks filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. 4. Some of the relevant ISpeakAdapter inputs lack filtering before returning to the user, allowing remote attackers to exploit the vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. A remote attacker can exploit a vulnerability to get sensitive information or crash an application. SAP NetWeaver is prone to multiple security vulnerabilities, including:\n1. An information-disclosure vulnerability\n2. Multiple cross-site scripting vulnerabilities\n3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1965",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "56947",
"trust": 1.6
},
{
"db": "BID",
"id": "65547",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-01007",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"id": "VAR-201402-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
}
],
"trust": 0.87111164
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
}
]
},
"last_update_date": "2023-12-18T13:39:58.037000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sap.com/index.html"
},
{
"title": "SAP NetWeaver has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/56947"
},
{
"trust": 1.6,
"url": "http://www.stechno.net/sap-notes.html?view=sapnote\u0026id=1442517"
},
{
"trust": 1.6,
"url": "https://service.sap.com/sap/support/notes/1442517"
},
{
"trust": 1.0,
"url": "https://erpscan.io/advisories/erpscan-14-006-sap-netweaver-pip-xss/"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91094"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1965"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1965"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/"
},
{
"trust": 0.6,
"url": "http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"db": "BID",
"id": "65547"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"date": "2014-02-01T00:00:00",
"db": "BID",
"id": "65547"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"date": "2014-02-14T15:55:07.830000",
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01007"
},
{
"date": "2014-02-01T00:00:00",
"db": "BID",
"id": "65547"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001415"
},
{
"date": "2018-12-10T19:29:04.140000",
"db": "NVD",
"id": "CVE-2014-1965"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver for SAP Exchange Infrastructure Component cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001415"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-208"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.