ID

VAR-201305-0365


TITLE

SAP NetWeaver Gateway SAP Client Enumeration Vulnerability

Trust: 0.8

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06356

DESCRIPTION

SAP NetWeaver Gateway lets developers build solutions that access SAP software from any environment or device. Because SAP NetWeaver Gateway does not properly restrict arbitrary RFC requests, a remote attacker can exploit the flaw to enumerate valid SAP client numbers. Client numbers range from 000 to 999, so they can be enumerated by brute force.

Trust: 0.72

sources: CNVD: CNVD-2013-06356 // IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06356

AFFECTED PRODUCTS

vendor: sap, model: netweaver gateway sp5, scope: eq, version: 2.0

Trust: 0.6

vendor: sap, model: netweaver gateway sp5, scope: eq, version: 2.0*

Trust: 0.2

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06356

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-06356
value: MEDIUM

Trust: 0.6

IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-06356
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06356

TYPE

Permission and access control

Trust: 0.2

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d

PATCH

title: Patch for SAP NetWeaver Gateway SAP Client Enumeration Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/34384

Trust: 0.6

sources: CNVD: CNVD-2013-06356

EXTERNAL IDS

db: CNVD, id: CNVD-2013-06356

Trust: 0.8

db: IVD, id: 9EEBC26C-1F21-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9eebc26c-1f21-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06356

REFERENCES

url: http://labs.mwrinfosecurity.com/blog/2012/04/27/mwr-sap-metasploit-modules/

Trust: 0.6

sources: CNVD: CNVD-2013-06356

SOURCES

db: IVD, id: 9eebc26c-1f21-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-06356

LAST UPDATE DATE

2022-05-17T01:48:05.036000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-06356, date: 2013-05-30T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 9eebc26c-1f21-11e6-abef-000c29c66e3d, date: 2013-05-30T00:00:00
db: CNVD, id: CNVD-2013-06356, date: 2013-05-30T00:00:00