Details of VAR-201112-0297

ID

VAR-201112-0297

CVE

CVE-2011-4707

TITLE

SAP NetWeaver Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: 3b9467ec-1f7f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4916

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions

Trust: 7.02

sources: NVD: CVE-2011-4707 // JVNDB: JVNDB-2011-003325 // CNVD: CNVD-2011-4917 // CNVD: CNVD-2011-4911 // CNVD: CNVD-2011-4913 // CNVD: CNVD-2011-4914 // CNVD: CNVD-2011-4912 // CNVD: CNVD-2011-4915 // CNVD: CNVD-2011-4916 // BID: 50680 // IVD: 3d199b1e-1f7f-11e6-abef-000c29c66e3d // IVD: 4247bd6e-1f7f-11e6-abef-000c29c66e3d // IVD: 4119fc7c-1f7f-11e6-abef-000c29c66e3d // IVD: 40204c22-1f7f-11e6-abef-000c29c66e3d // IVD: 3a022216-1f7f-11e6-abef-000c29c66e3d // IVD: 3e98d306-1f7f-11e6-abef-000c29c66e3d // IVD: 3b9467ec-1f7f-11e6-abef-000c29c66e3d // VULMON: CVE-2011-4707

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 5.6

sources: IVD: 3b9467ec-1f7f-11e6-abef-000c29c66e3d // IVD: 3d199b1e-1f7f-11e6-abef-000c29c66e3d // IVD: 3e98d306-1f7f-11e6-abef-000c29c66e3d // IVD: 3a022216-1f7f-11e6-abef-000c29c66e3d // IVD: 40204c22-1f7f-11e6-abef-000c29c66e3d // IVD: 4119fc7c-1f7f-11e6-abef-000c29c66e3d // IVD: 4247bd6e-1f7f-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4916 // CNVD: CNVD-2011-4917 // CNVD: CNVD-2011-4915 // CNVD: CNVD-2011-4912 // CNVD: CNVD-2011-4914 // CNVD: CNVD-2011-4913 // CNVD: CNVD-2011-4911

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.0	Trust: 5.9
vendor:	sap	model:	netweaver sp15	scope:	eq	version:	7.0	Trust: 4.5
vendor:	sap	model:	netweaver sp8	scope:	eq	version:	7.0	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.10	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.30	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.02	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.01	Trust: 4.5
vendor:	sap	model:	netweaver sp15	scope:	eq	version:	7.0*	Trust: 1.4
vendor:	sap	model:	netweaver sp8	scope:	eq	version:	7.0*	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	eq	version:	7.10*	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	eq	version:	7.30*	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	eq	version:	7.02*	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	eq	version:	7.01*	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	-	version:	-	Trust: 1.4
vendor:	sap	model:	netweaver	scope:	eq	version:	*	Trust: 1.0

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4707
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4707
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-122
value:	MEDIUM
Trust: 0.6
IVD:	3b9467ec-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	3d199b1e-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	3e98d306-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	3a022216-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	40204c22-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	4119fc7c-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	4247bd6e-1f7f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2011-4707
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4707
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IVD:	3b9467ec-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	3d199b1e-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	3e98d306-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	3a022216-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	40204c22-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	4119fc7c-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	4247bd6e-1f7f-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-003325 // NVD: CVE-2011-4707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-122

TYPE

Cross-site scripting

Trust: 1.4

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003325

PATCH

title:	Acknowledgments to Security Researchers - 1546307	url:	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a	Trust: 0.8
title:	Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5913	Trust: 0.6
title:	Patch for SAP NetWeaver Feature Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5922	Trust: 0.6
title:	Patch for SAP NetWeaver Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5912	Trust: 0.6
title:	Patch for SAP NetWeaver Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5909	Trust: 0.6
title:	Patch for SAP NetWeaver Path Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5911	Trust: 0.6
title:	Patch for SAP NetWeaver 'page' parameter cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5910	Trust: 0.6
title:	SAP Netweaver Script Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/5908	Trust: 0.6

EXTERNAL IDS

db:	BID	id:	50680	Trust: 4.6
db:	NVD	id:	CVE-2011-4707	Trust: 4.2
db:	CNNVD	id:	CNNVD-201112-122	Trust: 2.0
db:	CNVD	id:	CNVD-2011-4916	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4915	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4914	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4917	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4913	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4912	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4911	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003325	Trust: 0.8
db:	BUGTRAQ	id:	20111117 [DSECRG-11-036] SAP NETWAVER VIRUS SCAN INTERFACE - MULTIPLE XSS	Trust: 0.6
db:	IVD	id:	3B9467EC-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	3D199B1E-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	3E98D306-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	3A022216-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	40204C22-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	4119FC7C-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	4247BD6E-1F7F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2011-4707	Trust: 0.1

REFERENCES

url:	http://dsecrg.com/pages/vul/show.php?id=336	Trust: 2.0
url:	https://service.sap.com/sap/support/notes/1546307	Trust: 1.7
url:	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/520554/100/0/threaded	Trust: 1.1
url:	https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/	Trust: 1.1
url:	http://dsecrg.com/pages/vul/show.php?id=341	Trust: 0.9
url:	http://dsecrg.com/pages/vul/show.php?id=335	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4707	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4707	Trust: 0.8
url:	http://dsecrg.com/pages/vul/show.php?id=340http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=339http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=336http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=338http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=337http	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/520554/100/0/threaded	Trust: 0.6
url:	http://erpscan.com/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=337	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=339	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=340	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=338	Trust: 0.3
url:	http://www.sap.com/platform/netweaver/index.epx	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/50680	Trust: 0.1

sources: CNVD: CNVD-2011-4916 // CNVD: CNVD-2011-4917 // CNVD: CNVD-2011-4915 // CNVD: CNVD-2011-4912 // CNVD: CNVD-2011-4914 // CNVD: CNVD-2011-4913 // CNVD: CNVD-2011-4911 // VULMON: CVE-2011-4707 // BID: 50680 // JVNDB: JVNDB-2011-003325 // CNNVD: CNNVD-201112-122 // NVD: CVE-2011-4707

CREDITS

Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)

Trust: 0.3

sources: BID: 50680

SOURCES

db:	IVD	id:	3b9467ec-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	3d199b1e-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	3e98d306-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	3a022216-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	40204c22-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	4119fc7c-1f7f-11e6-abef-000c29c66e3d
db:	IVD	id:	4247bd6e-1f7f-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-4916
db:	CNVD	id:	CNVD-2011-4917
db:	CNVD	id:	CNVD-2011-4915
db:	CNVD	id:	CNVD-2011-4912
db:	CNVD	id:	CNVD-2011-4914
db:	CNVD	id:	CNVD-2011-4913
db:	CNVD	id:	CNVD-2011-4911
db:	VULMON	id:	CVE-2011-4707
db:	BID	id:	50680
db:	JVNDB	id:	JVNDB-2011-003325
db:	CNNVD	id:	CNNVD-201112-122
db:	NVD	id:	CVE-2011-4707

LAST UPDATE DATE

2024-09-15T22:53:39.982000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4916	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4917	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4915	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4912	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4914	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4913	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4911	date:	2011-11-16T00:00:00
db:	VULMON	id:	CVE-2011-4707	date:	2018-12-10T00:00:00
db:	BID	id:	50680	date:	2013-02-14T12:21:00
db:	JVNDB	id:	JVNDB-2011-003325	date:	2011-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201112-122	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4707	date:	2018-12-10T19:29:00.420

SOURCES RELEASE DATE

db:	IVD	id:	3b9467ec-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	3d199b1e-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	3e98d306-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	3a022216-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	40204c22-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	4119fc7c-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	IVD	id:	4247bd6e-1f7f-11e6-abef-000c29c66e3d	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4916	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4917	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4915	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4912	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4914	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4913	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4911	date:	2011-11-16T00:00:00
db:	VULMON	id:	CVE-2011-4707	date:	2011-12-08T00:00:00
db:	BID	id:	50680	date:	2011-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-003325	date:	2011-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201112-122	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4707	date:	2011-12-08T19:55:03.720