Details of VAR-201006-0349

ID

VAR-201006-0349

CVE

CVE-2010-2347

TITLE

SAP-JEECOR of Telnet Vulnerabilities that bypass security checks in interfaces

Trust: 0.8

sources: JVNDB: JVNDB-2010-005549

DESCRIPTION

The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. The SAP J2EE engine is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aim in further attacks and facilitate access to other services. The issue affects the following: SAP-JEECOR 6.40 SAP-JEECOR 7.00 SAP-JEECOR 7.01 SAP-JEECOR 7.02 SERVERCORE 7.10 SERVERCORE 7.11 SERVERCORE 7.20 SERVERCORE 7.30. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: SAP J2EE Telnet Interface Credentials Reflection Vulnerability SECUNIA ADVISORY ID: SA40223 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40223/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40223 RELEASE DATE: 2010-06-26 DISCUSS ADVISORY: http://secunia.com/advisories/40223/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40223/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40223 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported a vulnerability in the SAP J2EE engine, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the J2EE telnet interface and can be exploited to replay authentication credentials when authenticating to other services (e.g. SMB). The vulnerability is reported in the following versions: * SAP-JEECOR 6.40 * SAP-JEECOR 7.00 * SAP-JEECOR 7.01 * SAP-JEECOR 7.02 * SERVERCORE 7.10 * SERVERCORE 7.11 * SERVERCORE 7.20 * SERVERCORE 7.30 SOLUTION: Patches are available via SAP note 1425847. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce, Onapsis ORIGINAL ADVISORY: Onapsis: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html SAP (note 1425847): http://service.sap.com/sap/support/notes/1425847 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2010-2347 // JVNDB: JVNDB-2010-005549 // BID: 40916 // PACKETSTORM: 91086

AFFECTED PRODUCTS

vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.02	Trust: 1.9
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.01	Trust: 1.9
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.00	Trust: 1.9
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	6.40	Trust: 1.9
vendor:	sap	model:	server core	scope:	eq	version:	7.11	Trust: 1.6
vendor:	sap	model:	server core	scope:	eq	version:	7.20	Trust: 1.6
vendor:	sap	model:	server core	scope:	eq	version:	7.30	Trust: 1.6
vendor:	sap	model:	server core	scope:	eq	version:	7.10	Trust: 1.6
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	6.40 to 7.02	Trust: 0.8
vendor:	sap	model:	server core	scope:	eq	version:	7.10 to 7.30	Trust: 0.8
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.30	Trust: 0.3
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.20	Trust: 0.3
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.11	Trust: 0.3
vendor:	sap	model:	j2ee engine core	scope:	eq	version:	7.10	Trust: 0.3

sources: BID: 40916 // JVNDB: JVNDB-2010-005549 // CNNVD: CNNVD-201006-344 // NVD: CVE-2010-2347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2347
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-2347
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-344
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2010-2347
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2010-005549 // CNNVD: CNNVD-201006-344 // NVD: CVE-2010-2347

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2010-005549 // NVD: CVE-2010-2347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-344

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201006-344

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005549

PATCH

title:

Top Page

url:

http://www.sap.com/index.epx

Trust: 0.8

sources: JVNDB: JVNDB-2010-005549

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2347	Trust: 2.7
db:	BID	id:	40916	Trust: 1.9
db:	SECUNIA	id:	40223	Trust: 1.7
db:	SECTRACK	id:	1024114	Trust: 1.6
db:	JVNDB	id:	JVNDB-2010-005549	Trust: 0.8
db:	XF	id:	2	Trust: 0.6
db:	XF	id:	59502	Trust: 0.6
db:	FULLDISC	id:	20100616 [ONAPSIS SECURITY ADVISORY 2010-005] SAP J2EE TELNET ADMINISTRATION SECURITY CHECK BYPASS	Trust: 0.6
db:	BUGTRAQ	id:	20100616 [ONAPSIS SECURITY ADVISORY 2010-005] SAP J2EE TELNET ADMINISTRATION SECURITY CHECK BYPASS	Trust: 0.6
db:	CNNVD	id:	CNNVD-201006-344	Trust: 0.6
db:	PACKETSTORM	id:	91086	Trust: 0.1

sources: BID: 40916 // JVNDB: JVNDB-2010-005549 // PACKETSTORM: 91086 // CNNVD: CNNVD-201006-344 // NVD: CVE-2010-2347

REFERENCES

url:	https://service.sap.com/sap/support/notes/1425847	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1024114	Trust: 1.6
url:	http://www.securityfocus.com/bid/40916	Trust: 1.6
url:	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005	Trust: 1.6
url:	http://secunia.com/advisories/40223	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/511855/100/0/threaded	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/59502	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2347	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2347	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/59502	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/511855/100/0/threaded	Trust: 0.6
url:	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/1425847	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/40223/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/webinars/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/40223/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=40223	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: BID: 40916 // JVNDB: JVNDB-2010-005549 // PACKETSTORM: 91086 // CNNVD: CNNVD-201006-344 // NVD: CVE-2010-2347

CREDITS

Mariano Nuñez Di Croce

Trust: 0.3

sources: BID: 40916

SOURCES

db:	BID	id:	40916
db:	JVNDB	id:	JVNDB-2010-005549
db:	PACKETSTORM	id:	91086
db:	CNNVD	id:	CNNVD-201006-344
db:	NVD	id:	CVE-2010-2347

LAST UPDATE DATE

2025-04-11T21:58:57.853000+00:00

SOURCES UPDATE DATE

db:	BID	id:	40916	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-005549	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201006-344	date:	2010-06-23T00:00:00
db:	NVD	id:	CVE-2010-2347	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	BID	id:	40916	date:	2010-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2010-005549	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	91086	date:	2010-06-28T07:29:48
db:	CNNVD	id:	CNNVD-201006-344	date:	2010-06-23T00:00:00
db:	NVD	id:	CVE-2010-2347	date:	2010-06-21T19:30:01.990