Details of VAR-200907-0583

ID

VAR-200907-0583

TITLE

SAP NetWeaver Password Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 35729

DESCRIPTION

SAP NetWeaver is prone to an information-disclosure vulnerability because it fails to properly secure communication channels between clients and servers. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Trust: 0.3

sources: BID: 35729

AFFECTED PRODUCTS

vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.109	Trust: 0.6
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.108	Trust: 0.3
vendor:	sap	model:	ag sapgui	scope:	eq	version:	0	Trust: 0.3
vendor:	sap	model:	netweaver application server sp21	scope:	eq	version:	6.40104329.313	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	6.4029	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.105	Trust: 0.3
vendor:	sap	model:	netweaver application server sp17	scope:	eq	version:	6.40104329.313	Trust: 0.3
vendor:	sap	model:	sapgui d for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	sap	model:	netweaver portal sp21	scope:	eq	version:	2004	Trust: 0.3
vendor:	sap	model:	netweaver application server sp17	scope:	eq	version:	6.40	Trust: 0.3
vendor:	sap	model:	netweaver nw04s sp9	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver nw04 sp17	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	gui for windows patch level	scope:	eq	version:	6.2072	Trust: 0.3
vendor:	sap	model:	netweaver portal	scope:	eq	version:	2004..	Trust: 0.3
vendor:	sap	model:	netweaver nw04 sp15	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver sp15	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sap	model:	sapgui final release patch	scope:	eq	version:	6406403.3.11.1004	Trust: 0.3
vendor:	sap	model:	gui	scope:	eq	version:	7.10	Trust: 0.3
vendor:	sap	model:	gui for windows patch level	scope:	eq	version:	7.006	Trust: 0.3
vendor:	sap	model:	netweaver nw04s sp10	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver sp20	scope:	eq	version:	640	Trust: 0.3
vendor:	sap	model:	netweaver nw04s sp8	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver nw04s sp11	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	sapgui c for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	sap	model:	ag sapgui	scope:	eq	version:	6.4	Trust: 0.3
vendor:	sap	model:	gui for windows patch level	scope:	eq	version:	6.4030	Trust: 0.3
vendor:	sap	model:	netweaver developer studio sp21	scope:	eq	version:	2004	Trust: 0.3
vendor:	sap	model:	netweaver nw04s sp7	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	gui pl	scope:	eq	version:	7.10	Trust: 0.3
vendor:	sap	model:	netweaver nw04 sp19	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver nw04 sp18	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver sp8	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sap	model:	gui patch	scope:	eq	version:	6.4029	Trust: 0.3
vendor:	sap	model:	sapgui b for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	sap	model:	netweaver nw04 sp16	scope:	-	version:	-	Trust: 0.3
vendor:	sap	model:	netweaver portal sp17	scope:	eq	version:	2004	Trust: 0.3
vendor:	sap	model:	sapgui for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	sap	model:	sapgui a for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	sap	model:	netweaver developer studio sp17	scope:	eq	version:	-2004	Trust: 0.3

sources: BID: 35729

THREAT TYPE

network

Trust: 0.3

sources: BID: 35729

TYPE

Design Error

Trust: 0.3

sources: BID: 35729

EXTERNAL IDS

db:

BID

id:

35729

Trust: 0.3

sources: BID: 35729

REFERENCES

url:	http://www.secaron.de/content/presse/fachartikel/sniffing_diag.pdf	Trust: 0.3
url:	http://www.sap.com/platform/netweaver/index.epx	Trust: 0.3

sources: BID: 35729

CREDITS

Andreas Baus and Rene Ledosquet from Secaron AG

Trust: 0.3

sources: BID: 35729

SOURCES

db:

BID

id:

35729

LAST UPDATE DATE

2022-05-17T01:41:46.141000+00:00

SOURCES UPDATE DATE

db:

BID

id:

35729

date:

2009-07-17T21:16:00

SOURCES RELEASE DATE

db:

BID

id:

35729

date:

2009-07-17T00:00:00