VAR-201712-0108
Vulnerability from variot - Updated: 2023-12-18 14:05SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. SAP Netweaver is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0108",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver internet transaction server",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.30"
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.31"
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.40"
},
{
"model": "business application software integrated solution",
"scope": "gte",
"trust": 1.0,
"vendor": "sap",
"version": "7.50"
},
{
"model": "business application software integrated solution",
"scope": "gte",
"trust": 1.0,
"vendor": "sap",
"version": "7.00"
},
{
"model": "business application software integrated solution",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.52"
},
{
"model": "business application software integrated solution",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.02"
},
{
"model": "basis",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "7.00 to 7.02"
},
{
"model": "basis",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "7.30"
},
{
"model": "basis",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "7.31"
},
{
"model": "basis",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "7.40"
},
{
"model": "basis",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "7.50 to 7.52"
},
{
"model": "netweaver internet transaction server",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "102143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_internet_transaction_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.02",
"versionStartIncluding": "7.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.52",
"versionStartIncluding": "7.50",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "102143"
}
],
"trust": 0.3
},
"cve": "CVE-2017-16682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16682",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16682",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-418",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. SAP Netweaver is prone to a vulnerability that lets attackers inject and execute arbitrary code. \nSuccessful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "BID",
"id": "102143"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16682",
"trust": 2.7
},
{
"db": "BID",
"id": "102143",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "102143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"id": "VAR-201712-0108",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T14:05:37.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "December 2017 (2526781)",
"trust": 0.8,
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"title": "SAP NetWeaver Internet Transaction Server Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77124"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://launchpad.support.sap.com/#/notes/2526781"
},
{
"trust": 1.9,
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/102143"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16682"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16682"
},
{
"trust": 0.3,
"url": "http://www.sap.com/"
}
],
"sources": [
{
"db": "BID",
"id": "102143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "102143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102143"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"date": "2017-12-12T14:29:00.403000",
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T22:01:00",
"db": "BID",
"id": "102143"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011211"
},
{
"date": "2017-12-22T14:34:21.977000",
"db": "NVD",
"id": "CVE-2017-16682"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver Internet Transaction Server and SAP Basis Code injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-418"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…