Sign-up

ID

VAR-201108-0296


TITLE

SAP Netweaver \"EPS_DELETE_FILE()\" Arbitrary File Removal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-5564

DESCRIPTION

SAP NetWeaver is a service-oriented application and integration platform. Provides a development and runtime environment for SAP applications, as well as custom development and integration with other applications and systems. SAP NetWeaver has any file deletion vulnerability in the implementation of EPS_DELETE_FILE(). This vulnerability can be exploited by remote attackers to delete any file on the affected computer or to steal the hash of the SAP server account in the Windows environment through SMBRelay attack. An attacker can use the default SAP account (such as TMSADM or SAPCPIC) to remotely execute the function EPS_DELETE_FILE to delete any file in the OS, or send a hash of the SAP account to the remote host or perform a smbrelay attack. Attackers can exploit this issue with directory-traversal strings ('../') to delete arbitrary files; this may aid in launching further attacks

Trust: 0.99

sources: CNVD: CNVD-2011-5564 // BID: 49321 // IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5564

AFFECTED PRODUCTS

vendor:sapmodel:netweaver sp8scope:eqversion:7.0

Trust: 0.9

vendor:sapmodel:netweaverscope:eqversion:7.30

Trust: 0.3

vendor:sapmodel:netweaverscope:eqversion:7.10

Trust: 0.3

vendor:sapmodel:netweaverscope:eqversion:7.02

Trust: 0.3

vendor:sapmodel:netweaverscope:eqversion:7.01

Trust: 0.3

vendor:sapmodel:netweaver sp15scope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:netweaverscope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:netweaver sp8scope:eqversion:7.0*

Trust: 0.2

sources: IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5564 // BID: 49321

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2011-5564
value: HIGH

Trust: 0.6

IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CNVD: CNVD-2011-5564
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5564

THREAT TYPE

network

Trust: 0.3

sources: BID: 49321

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 49321

PATCH

title:Patch for SAP Netweaver \"EPS_DELETE_FILE()\" arbitrary file removal vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/35281

Trust: 0.6

sources: CNVD: CNVD-2011-5564

EXTERNAL IDS

db:BIDid:49321

Trust: 0.9

db:CNVDid:CNVD-2011-5564

Trust: 0.8

db:IVDid:E007BE2C-1F8A-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: e007be2c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5564 // BID: 49321

REFERENCES

url:http://www.securityfocus.com/bid/49321/info

Trust: 0.6

url:http://dsecrg.com/pages/vul/show.php?id=331

Trust: 0.3

url:http://www.sap.com/

Trust: 0.3

url:https://service.sap.com/sap/support/notes/1554030

Trust: 0.3

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

sources: CNVD: CNVD-2011-5564 // BID: 49321

CREDITS

Alexey Sintsov

Trust: 0.3

sources: BID: 49321

SOURCES

db:IVDid:e007be2c-1f8a-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5564
db:BIDid:49321

LAST UPDATE DATE

2022-05-17T01:45:32.914000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-5564date:2011-08-26T00:00:00
db:BIDid:49321date:2011-08-22T00:00:00

SOURCES RELEASE DATE

db:IVDid:e007be2c-1f8a-11e6-abef-000c29c66e3ddate:2011-08-26T00:00:00
db:CNVDid:CNVD-2011-5564date:2011-08-26T00:00:00
db:BIDid:49321date:2011-08-22T00:00:00