ID

VAR-201305-0363


TITLE

SAP NetWeaver Gateway Account Violent Cracking Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-06355

DESCRIPTION

SAP NetWeaver Gateway allows developers to openly access SAP software from any environment or any terminal for solution development. The locking mechanism that SAP NetWeaver Gateway uses to protect against brute force attacks is vulnerable. Because the default account lock threshold reset is predictable at 00:01, a remote attacker can perform brute force attacks between the end of the working day and midnight, so that the attack is not discovered right away.

Trust: 0.72

sources: CNVD: CNVD-2013-06355 // IVD: e5e71586-1f21-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e5e71586-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06355

AFFECTED PRODUCTS

vendor: sap, model: netweaver gateway sp5, scope: eq, version: 2.0

Trust: 0.6

vendor: sap, model: netweaver gateway sp5, scope: eq, version: 2.0*

Trust: 0.2

sources: IVD: e5e71586-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06355

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-06355
value: MEDIUM

Trust: 0.6

IVD: e5e71586-1f21-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-06355
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e5e71586-1f21-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e5e71586-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06355

TYPE

Design error

Trust: 0.2

sources: IVD: e5e71586-1f21-11e6-abef-000c29c66e3d

PATCH

title: Patch for SAP NetWeaver Gateway Account Violent Cracking Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/34385

Trust: 0.6

sources: CNVD: CNVD-2013-06355

EXTERNAL IDS

db: CNVD, id: CNVD-2013-06355

Trust: 0.8

db: IVD, id: E5E71586-1F21-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: e5e71586-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06355

REFERENCES

url: http://labs.mwrinfosecurity.com/blog/2012/04/27/mwr-sap-metasploit-modules/

Trust: 0.6

sources: CNVD: CNVD-2013-06355

SOURCES

db: IVD, id: e5e71586-1f21-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-06355

LAST UPDATE DATE

2022-05-17T02:08:10.213000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-06355, date: 2013-05-30T00:00:00

SOURCES RELEASE DATE

db: IVD, id: e5e71586-1f21-11e6-abef-000c29c66e3d, date: 2013-05-30T00:00:00
db: CNVD, id: CNVD-2013-06355, date: 2013-05-30T00:00:00