ID
VAR-E-201402-0438
TITLE
SAP NetWeaver Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
SAP NetWeaver is prone to multiple security vulnerabilities, including:
1. An information-disclosure vulnerability
2. Multiple cross-site scripting vulnerabilities
3. A denial-of-service vulnerability
Attackers can exploit these issues to obtain sensitive information, perform a denial-of-service attack, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues using a web browser. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Alexander Polyakov, George Nosenko and Dmitry Chastukhin
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 65547 | Trust: 0.3 |
REFERENCES
| url: | http://www.sap.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 65547 |
LAST UPDATE DATE
2022-07-27T09:27:27.237000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 65547 | date: | 2014-02-01T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 65547 | date: | 2014-02-01T00:00:00 |