var-201605-0004
Vulnerability from variot
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. Attacks on this vulnerability 2013 From 2016 Observed in year. This vulnerability "Detour" It is called an attack. Vendors have confirmed this vulnerability SAP Security Note 1445998 It is released as.By a third party HTTP Or HTTPS Arbitrary code may be executed via a request. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Netweaver Invoker Servlet has a security vulnerability that allows an attacker to call any servlet even if it is declared in a web.xml file. This includes any servlet classes available in the application classloader, such as those in the WEB-INF\classes, WEB-INF\lib, and WEB-INF\additinal-lib application directories. Multiple servlets included with Java applications are not designed for direct client access, but instead interact inside the application, thus causing arbitrary calls to be performed and invisible operations on the SAP server. An attacker may leverage this issue to execute arbitrary script code within the context of the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 1.5,
"vendor": "sap",
"version": "7.30"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.1,
"vendor": "sap",
"version": "7.0"
},
{
"model": "netweaver application server java",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.30"
},
{
"model": "netweaver sp15",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "7.0"
},
{
"model": "netweaver sp8",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "7.0"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "7.10"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "7.02"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "7.01"
},
{
"model": "netweaver application server java",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "7.3"
},
{
"model": "solution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "supply chain management",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "product lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver composition environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "exchange infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "enterprise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver sp15",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.0*"
},
{
"model": "netweaver sp8",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.0*"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.10*"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.30*"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.02*"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "7.01*"
}
],
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.30",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Onapsis Security",
"sources": [
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
}
],
"trust": 1.2
},
"cve": "CVE-2010-5326",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-5326",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2010-5326",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-5326",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-399",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-5326",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a \"Detour\" attack. Attacks on this vulnerability 2013 From 2016 Observed in year. This vulnerability \"Detour\" It is called an attack. Vendors have confirmed this vulnerability SAP Security Note 1445998 It is released as.By a third party HTTP Or HTTPS Arbitrary code may be executed via a request. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Netweaver Invoker Servlet has a security vulnerability that allows an attacker to call any servlet even if it is declared in a web.xml file. This includes any servlet classes available in the application classloader, such as those in the WEB-INF\\\\classes, WEB-INF\\\\lib, and WEB-INF\\\\additinal-lib application directories. Multiple servlets included with Java applications are not designed for direct client access, but instead interact inside the application, thus causing arbitrary calls to be performed and invisible operations on the SAP server. \nAn attacker may leverage this issue to execute arbitrary script code within the context of the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "48925",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2010-5326",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA16-132A",
"trust": 2.5
},
{
"db": "BID",
"id": "90533",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2011-2905",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399",
"trust": 0.6
},
{
"db": "IVD",
"id": "39506C1A-1F8E-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2010-5326",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"id": "VAR-201605-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
}
],
"trust": 1.3171288840000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
}
]
},
"last_update_date": "2023-12-18T13:03:19.061000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Invoker Servlet",
"trust": 0.8,
"url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/bb/f2b9d88ba4e8459e5a69cb513597ec/frameset.htm"
},
{
"title": "US-CERT \u30a2\u30e9\u30fc\u30c8\u60c5\u5831\uff1aSAP \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ce\u30fc\u30c8 1445998 \u3067\u89e3\u6c7a\u6e08\u307f\u306e\u554f\u984c\u306b\u3064\u3044\u3066\u518d\u5ea6\u306e\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "https://support.sap.com/ja.html"
},
{
"title": "Patch for SAP Netweaver Invoker Servlet Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/4568"
},
{
"title": "SAP NetWeaver Application Server Invoker Servlet Fixes for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61715"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2021/04/06/sap_patch_attacks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sap-bugs-cyberattack-compromise/165265/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5326"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications"
},
{
"trust": 2.5,
"url": "http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/ncas/alerts/ta16-132a"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/48925"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/90533"
},
{
"trust": 1.7,
"url": "http://service.sap.com/sap/support/notes/1445998"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5326"
},
{
"trust": 0.8,
"url": "http://jvn.jp/ta/jvnta91951276/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5326"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/48925/info"
},
{
"trust": 0.6,
"url": "http://www.onapsis.com/resources/download.php?id=7wkeuqheij%2bqq3jv4qpdjl1ffrxqqxpj5uloink%2bzeilka6bds1fhqzomd%2bpokyossoouymyxkdykay2dgrh\u0026lang=en ."
},
{
"trust": 0.3,
"url": "http://www.sap.com/platform/netweaver/index.epx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/04/06/sap_patch_attacks/"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sap-bugs-cyberattack-compromise/165265/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"db": "BID",
"id": "90533"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-29T00:00:00",
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"date": "2011-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"date": "2016-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"date": "2016-05-11T00:00:00",
"db": "BID",
"id": "90533"
},
{
"date": "2011-07-28T00:00:00",
"db": "BID",
"id": "48925"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"date": "2016-05-13T10:59:00.173000",
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5326"
},
{
"date": "2016-07-05T22:21:00",
"db": "BID",
"id": "90533"
},
{
"date": "2011-07-28T00:00:00",
"db": "BID",
"id": "48925"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002737"
},
{
"date": "2021-04-20T18:41:50.707000",
"db": "NVD",
"id": "CVE-2010-5326"
},
{
"date": "2011-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"date": "2021-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-399"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Netweaver Invoker Servlet Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-2905"
},
{
"db": "BID",
"id": "48925"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "39506c1a-1f8e-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-453"
}
],
"trust": 0.8
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.