ID
VAR-201104-0315
TITLE
SAP NetWeaver Arbitrary code execution vulnerability
Trust: 0.8
DESCRIPTION
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has an input validation error, and the input to the \"sort\", \"numPerPage\", \"page\", \"lastPage\", \"numPerpageb\", \"pageb\" and \"direction\" parameters passed to MessagingSystem/monitor/monitor.jsp is returned. The lack of filtering by users can lead to cross-site scripting attacks. The user lacks filtering before and can execute arbitrary HTML and script code on the target user's browser. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 RELEASE DATE: 2011-04-14 DISCUSS ADVISORY: http://secunia.com/advisories/44187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. SOLUTION: Apply fixes (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) Alexandr Polyakov, Digital Security Research Group 2) Dmitriy Evdokimov, Digital Security Research Group ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1443367 https://service.sap.com/sap/support/notes/1490335 Digital Security Research Group (DSECRG-11-015, DSECRG-11-016): http://dsecrg.com/pages/vul/show.php?id=315 http://dsecrg.com/pages/vul/show.php?id=316 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
Trust: 1.8
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 1.6 |
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 6.4 | Trust: 1.9 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10 | Trust: 1.5 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 1.5 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10* | Trust: 0.4 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30* | Trust: 0.4 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
PATCH
| title: | Patch for SAP NetWeaver Cross-Site Scripting Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/3548 | Trust: 0.6 |
| title: | Patch for SAP NetWeaver arbitrary code execution vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/3547 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 47360 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2011-1468 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2011-1467 | Trust: 0.8 |
| db: | SECUNIA | id: | 44187 | Trust: 0.7 |
| db: | IVD | id: | 5FC42B3E-1F98-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | IVD | id: | 618C24F8-1F98-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | PACKETSTORM | id: | 100438 | Trust: 0.1 |
REFERENCES
| url: | http://dsecrg.com/pages/vul/show.php?id=315http | Trust: 0.6 |
| url: | http://secunia.com/advisories/44187/http | Trust: 0.6 |
| url: | http://dsecrg.com/pages/vul/show.php?id=315 | Trust: 0.4 |
| url: | http://dsecrg.com/pages/vul/show.php?id=316 | Trust: 0.4 |
| url: | http://www.sap.com/platform/netweaver/index.epx | Trust: 0.3 |
| url: | http://secunia.com/advisories/44187/ | Trust: 0.1 |
| url: | https://service.sap.com/sap/support/notes/1490335 | Trust: 0.1 |
| url: | http://secunia.com/products/corporate/evm/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/44187/#comments | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/personal/ | Trust: 0.1 |
| url: | http://secunia.com/blog/210 | Trust: 0.1 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
| url: | https://service.sap.com/sap/support/notes/1443367 | Trust: 0.1 |
| url: | https://ca.secunia.com/?page=viewadvisory&vuln_id=44187 | Trust: 0.1 |
CREDITS
Alexandr Polyakov and Dmitriy Evdokimov from Digital Security Research Group
Trust: 0.3
SOURCES
| db: | IVD | id: | 5fc42b3e-1f98-11e6-abef-000c29c66e3d |
| db: | IVD | id: | 618c24f8-1f98-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2011-1467 |
| db: | CNVD | id: | CNVD-2011-1468 |
| db: | BID | id: | 47360 |
| db: | PACKETSTORM | id: | 100438 |
LAST UPDATE DATE
2022-05-17T02:07:20.408000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2011-1467 | date: | 2011-04-15T00:00:00 |
| db: | CNVD | id: | CNVD-2011-1468 | date: | 2011-04-15T00:00:00 |
| db: | BID | id: | 47360 | date: | 2011-04-14T00:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | 5fc42b3e-1f98-11e6-abef-000c29c66e3d | date: | 2011-04-15T00:00:00 |
| db: | IVD | id: | 618c24f8-1f98-11e6-abef-000c29c66e3d | date: | 2011-04-15T00:00:00 |
| db: | CNVD | id: | CNVD-2011-1467 | date: | 2011-04-15T00:00:00 |
| db: | CNVD | id: | CNVD-2011-1468 | date: | 2011-04-15T00:00:00 |
| db: | BID | id: | 47360 | date: | 2011-04-14T00:00:00 |
| db: | PACKETSTORM | id: | 100438 | date: | 2011-04-15T05:55:47 |