ID
VAR-E-201111-0474
CVE
cve_id: | CVE-2011-5260 | Trust: 0.3 |
cve_id: | CVE-2011-4707 | Trust: 0.3 |
TITLE
SAP Netweaver Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path-traversal vulnerability, an HTML-injection vulnerability, a cross-site request forgery vulnerability, and an authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 0.3 |
vendor: | sap | model: | netweaver sp8 | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | netweaver sp15 | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.0 | Trust: 0.3 |
EXPLOIT
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
An attacker can use readily available tools to exploit the authentication-bypass issue.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2011-5260 | Trust: 0.3 |
db: | NVD | id: | CVE-2011-4707 | Trust: 0.3 |
db: | BID | id: | 50680 | Trust: 0.3 |
REFERENCES
url: | http://dsecrg.com/pages/vul/show.php?id=336 | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=341 | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=338 | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=339 | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=335 | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=337 | Trust: 0.3 |
url: | http://www.sap.com/platform/netweaver/index.epx | Trust: 0.3 |
url: | http://dsecrg.com/pages/vul/show.php?id=340 | Trust: 0.3 |
SOURCES
db: | BID | id: | 50680 |
LAST UPDATE DATE
2022-07-27T09:45:28.125000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 50680 | date: | 2013-02-14T12:21:00 |
SOURCES RELEASE DATE
db: | BID | id: | 50680 | date: | 2011-11-15T00:00:00 |