Details of VAR-E-201605-0284

ID

VAR-E-201605-0284

CVE

cve_id:

CVE-2010-5326

Trust: 0.3

sources: BID: 90533

TITLE

Multiple SAP Business Applications Incomplete Fix Remote Code Execution Vulnerability

Trust: 0.3

sources: BID: 90533

DESCRIPTION

Multiple SAP Business applications running on SAP Java platforms are prone to a remote code-execution vulnerability.
An attacker may leverage this issue to execute arbitrary script code within the context of the affected application.
Note : This issue is the result of an incomplete fix for the issue described in 48925 (SAP Netweaver Invoker Servlet Remote Code Execution Vulnerability).

Trust: 0.3

sources: BID: 90533

AFFECTED PRODUCTS

vendor:	sap	model:	solution manager	scope:	eq	version:	Trust: 0.3
vendor:	sap	model:	supply chain management	scope:	eq	version:	Trust: 0.3
vendor:	sap	model:	product lifecycle management	scope:	eq	version:	Trust: 0.3
vendor:	sap	model:	netweaver composition environment	scope:	eq	version:	Trust: 0.3
vendor:	sap	model:	exchange infrastructure	scope:	eq	version:	Trust: 0.3
vendor:	sap	model:	enterprise portal	scope:	eq	version:	Trust: 0.3

sources: BID: 90533

EXPLOIT

Reports indicate that this issue is being exploited in the wild.

Trust: 0.3

sources: BID: 90533

PRICE

Free

Trust: 0.3

sources: BID: 90533

TYPE

Unknown

Trust: 0.3

sources: BID: 90533

CREDITS

Onapsis Security

Trust: 0.3

sources: BID: 90533

EXTERNAL IDS

db:	NVD	id:	CVE-2010-5326	Trust: 0.3
db:	BID	id:	90533	Trust: 0.3

sources: BID: 90533

REFERENCES

url:

http://www.onapsis.com/resources/download.php?id=7wkeuqheij%2bqq3jv4qpdjl1ffrxqqxpj5uloink%2bzeilka6bds1fhqzomd%2bpokyossoouymyxkdykay2dgrh&lang=en .

Trust: 0.3

sources: BID: 90533

SOURCES

db:

BID

id:

90533

LAST UPDATE DATE

2022-07-27T09:42:32.486000+00:00

SOURCES UPDATE DATE

db:

BID

id:

90533

date:

2016-07-05T22:21:00

SOURCES RELEASE DATE

db:

BID

id:

90533

date:

2016-05-11T00:00:00