ID

VAR-201202-0345


CVE

CVE-2012-1289


TITLE

SAP NetWeaver Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2012-001569

DESCRIPTION

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a vulnerability in SAP NetWeaver. Because the input passed to the b2b/admin/log_view.jsp or b2b/admin/log.jsp script in the Internet Sales module via the \"logfilename\" parameter is missing validation before being used to display the file, it can result in arbitrary files being obtained through the directory traversal sequence. information. The SAP NetWeaver com.sap.aii.mdt.amt.web.AMTPageProcessor servlet error can be exploited to leak certain Adapter monitoring information. SAP NetWeaver is prone to multiple input-validation vulnerabilities, including: 1. A cross-site scripting vulnerability 2. Multiple information-disclosure vulnerabilities Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, and disclose sensitive information. Other attacks are also possible. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47861 RELEASE DATE: 2012-02-21 DISCUSS ADVISORY: http://secunia.com/advisories/47861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Digital Security Research Group has reported some vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users and malicious people to disclose sensitive information. Successful exploitation of vulnerabilities #1 and #2 may require permission to view logs. The vulnerabilities are reported in version 7.0. Other versions may also be affected. SOLUTION: Apply SAP Security Notes 1585527 and 1583300. PROVIDED AND/OR DISCOVERED BY: Dmitriy Chastukhin, Digital Security Research Group. ORIGINAL ADVISORY: Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=412 http://dsecrg.com/pages/vul/show.php?id=413 http://dsecrg.com/pages/vul/show.php?id=414 http://dsecrg.com/pages/vul/show.php?id=415 http://dsecrg.com/pages/vul/show.php?id=416 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 5.58

sources: NVD: CVE-2012-1289 // JVNDB: JVNDB-2012-001569 // CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // PACKETSTORM: 110028

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 3.4

sources: IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.0

Trust: 6.7

sources: IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001569 // CNNVD: CNNVD-201202-431 // NVD: CVE-2012-1289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1289
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1289
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-431
value: MEDIUM

Trust: 0.6

IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2012-1289
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-001569 // CNNVD: CNNVD-201202-431 // NVD: CVE-2012-1289

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2012-001569 // NVD: CVE-2012-1289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-431

TYPE

Path traversal

Trust: 1.6

sources: IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201202-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001569

PATCH

title:Acknowledgments to Security Researchersurl:http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

Trust: 0.8

title:Patch for SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2012-0825)url:https://www.cnvd.org.cn/patchInfo/show/10773

Trust: 0.6

title:Patch for SAP NetWeaver File Read Vulnerability (CNVD-2012-0822)url:https://www.cnvd.org.cn/patchInfo/show/10771

Trust: 0.6

title:Patch for SAP NetWeaver Information Disclosure Vulnerability (CNVD-2012-0826)url:https://www.cnvd.org.cn/patchInfo/show/10774

Trust: 0.6

title:Patch for SAP NetWeaver Information Disclosure Vulnerability (CNVD-2012-0827)url:https://www.cnvd.org.cn/patchInfo/show/10775

Trust: 0.6

title:Patch for SAP NetWeaver File Read Vulnerability (CNVD-2012-0823)url:https://www.cnvd.org.cn/patchInfo/show/10772

Trust: 0.6

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // JVNDB: JVNDB-2012-001569

EXTERNAL IDS

db:BIDid:52101

Trust: 4.9

db:SECUNIAid:47861

Trust: 4.7

db:NVDid:CVE-2012-1289

Trust: 3.7

db:CNNVDid:CNNVD-201202-431

Trust: 1.6

db:CNVDid:CNVD-2012-0825

Trust: 0.8

db:CNVDid:CNVD-2012-0827

Trust: 0.8

db:CNVDid:CNVD-2012-0826

Trust: 0.8

db:CNVDid:CNVD-2012-0822

Trust: 0.8

db:CNVDid:CNVD-2012-0823

Trust: 0.8

db:JVNDBid:JVNDB-2012-001569

Trust: 0.8

db:XFid:73346

Trust: 0.6

db:IVDid:57B1159E-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:360FBE54-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:55F9093C-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:1F68BA5C-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:5A3E0C36-1F73-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:110028

Trust: 0.1

sources: IVD: 57b1159e-1f73-11e6-abef-000c29c66e3d // IVD: 360fbe54-1f73-11e6-abef-000c29c66e3d // IVD: 55f9093c-1f73-11e6-abef-000c29c66e3d // IVD: 1f68ba5c-1f73-11e6-abef-000c29c66e3d // IVD: 5a3e0c36-1f73-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001569 // PACKETSTORM: 110028 // CNNVD: CNNVD-201202-431 // NVD: CVE-2012-1289

REFERENCES

url:http://secunia.com/advisories/47861/

Trust: 3.1

url:http://dsecrg.com/pages/vul/show.php?id=413

Trust: 2.0

url:http://dsecrg.com/pages/vul/show.php?id=412

Trust: 2.0

url:https://service.sap.com/sap/support/notes/1585527

Trust: 1.6

url:http://www.securityfocus.com/bid/52101

Trust: 1.6

url:http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

Trust: 1.6

url:http://secunia.com/advisories/47861

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/73346

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1289

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1289

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/73346

Trust: 0.6

url:http://dsecrg.com/pages/vul/show.php?id=414

Trust: 0.4

url:http://dsecrg.com/pages/vul/show.php?id=415

Trust: 0.4

url:http://dsecrg.com/pages/vul/show.php?id=416

Trust: 0.4

url:http://www.sap.com/

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://www.rsaconference.com/events/2012/usa/index.htm

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47861

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/47861/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001569 // PACKETSTORM: 110028 // CNNVD: CNNVD-201202-431 // NVD: CVE-2012-1289

CREDITS

Dmitriy Chastukhin of Digital Security Research Group.

Trust: 0.9

sources: BID: 52101 // CNNVD: CNNVD-201202-431

SOURCES

db:IVDid:57b1159e-1f73-11e6-abef-000c29c66e3d
db:IVDid:360fbe54-1f73-11e6-abef-000c29c66e3d
db:IVDid:55f9093c-1f73-11e6-abef-000c29c66e3d
db:IVDid:1f68ba5c-1f73-11e6-abef-000c29c66e3d
db:IVDid:5a3e0c36-1f73-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0825
db:CNVDid:CNVD-2012-0822
db:CNVDid:CNVD-2012-0826
db:CNVDid:CNVD-2012-0827
db:CNVDid:CNVD-2012-0823
db:BIDid:52101
db:JVNDBid:JVNDB-2012-001569
db:PACKETSTORMid:110028
db:CNNVDid:CNNVD-201202-431
db:NVDid:CVE-2012-1289

LAST UPDATE DATE

2024-08-14T15:03:51.142000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0825date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0822date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0826date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0827date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0823date:2012-02-23T00:00:00
db:BIDid:52101date:2012-02-27T20:40:00
db:JVNDBid:JVNDB-2012-001569date:2012-02-27T00:00:00
db:CNNVDid:CNNVD-201202-431date:2012-02-24T00:00:00
db:NVDid:CVE-2012-1289date:2017-08-29T01:31:15.990

SOURCES RELEASE DATE

db:IVDid:57b1159e-1f73-11e6-abef-000c29c66e3ddate:2012-02-23T00:00:00
db:IVDid:360fbe54-1f73-11e6-abef-000c29c66e3ddate:2012-02-23T00:00:00
db:IVDid:55f9093c-1f73-11e6-abef-000c29c66e3ddate:2012-02-23T00:00:00
db:IVDid:1f68ba5c-1f73-11e6-abef-000c29c66e3ddate:2012-02-23T00:00:00
db:IVDid:5a3e0c36-1f73-11e6-abef-000c29c66e3ddate:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0825date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0822date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0826date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0827date:2012-02-23T00:00:00
db:CNVDid:CNVD-2012-0823date:2012-02-23T00:00:00
db:BIDid:52101date:2012-02-21T00:00:00
db:JVNDBid:JVNDB-2012-001569date:2012-02-27T00:00:00
db:PACKETSTORMid:110028date:2012-02-21T06:09:48
db:CNNVDid:CNNVD-201202-431date:1900-01-01T00:00:00
db:NVDid:CVE-2012-1289date:2012-02-23T20:07:25.860