Details of VAR-201202-0346

ID

VAR-201202-0346

CVE

CVE-2012-1290

TITLE

SAP NetWeaver of b2b/auction/container.jsp Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-001570

DESCRIPTION

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a vulnerability in SAP NetWeaver. information. The SAP NetWeaver com.sap.aii.mdt.amt.web.AMTPageProcessor servlet error can be exploited to leak certain Adapter monitoring information. SAP NetWeaver is prone to multiple input-validation vulnerabilities, including: 1. A cross-site scripting vulnerability 2. Multiple directory traversal vulnerabilities 3. Multiple information-disclosure vulnerabilities Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, and disclose sensitive information. Other attacks are also possible. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47861 RELEASE DATE: 2012-02-21 DISCUSS ADVISORY: http://secunia.com/advisories/47861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Digital Security Research Group has reported some vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users and malicious people to disclose sensitive information. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. Successful exploitation of vulnerabilities #1 and #2 may require permission to view logs. The vulnerabilities are reported in version 7.0. Other versions may also be affected. SOLUTION: Apply SAP Security Notes 1585527 and 1583300. PROVIDED AND/OR DISCOVERED BY: Dmitriy Chastukhin, Digital Security Research Group. ORIGINAL ADVISORY: Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=412 http://dsecrg.com/pages/vul/show.php?id=413 http://dsecrg.com/pages/vul/show.php?id=414 http://dsecrg.com/pages/vul/show.php?id=415 http://dsecrg.com/pages/vul/show.php?id=416 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.68

sources: NVD: CVE-2012-1290 // JVNDB: JVNDB-2012-001570 // CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // PACKETSTORM: 110028

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 2.4

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827

AFFECTED PRODUCTS

vendor:

sap

model:

netweaver

scope:

version:

7.0

Trust: 5.7

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001570 // CNNVD: CNNVD-201202-444 // NVD: CVE-2012-1290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1290
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1290
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-444
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2012-1290
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2012-001570 // CNNVD: CNNVD-201202-444 // NVD: CVE-2012-1290

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2012-001570 // NVD: CVE-2012-1290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-444

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 110028 // CNNVD: CNNVD-201202-444

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001570

PATCH

title:	Acknowledgments to Security Researchers	url:	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a	Trust: 0.8
title:	Patch for SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2012-0825)	url:	https://www.cnvd.org.cn/patchInfo/show/10773	Trust: 0.6
title:	Patch for SAP NetWeaver File Read Vulnerability (CNVD-2012-0822)	url:	https://www.cnvd.org.cn/patchInfo/show/10771	Trust: 0.6
title:	Patch for SAP NetWeaver Information Disclosure Vulnerability (CNVD-2012-0826)	url:	https://www.cnvd.org.cn/patchInfo/show/10774	Trust: 0.6
title:	Patch for SAP NetWeaver Information Disclosure Vulnerability (CNVD-2012-0827)	url:	https://www.cnvd.org.cn/patchInfo/show/10775	Trust: 0.6
title:	Patch for SAP NetWeaver File Read Vulnerability (CNVD-2012-0823)	url:	https://www.cnvd.org.cn/patchInfo/show/10772	Trust: 0.6

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // JVNDB: JVNDB-2012-001570

EXTERNAL IDS

db:	BID	id:	52101	Trust: 4.9
db:	SECUNIA	id:	47861	Trust: 4.7
db:	NVD	id:	CVE-2012-1290	Trust: 2.7
db:	JVNDB	id:	JVNDB-2012-001570	Trust: 0.8
db:	CNVD	id:	CNVD-2012-0825	Trust: 0.6
db:	CNVD	id:	CNVD-2012-0822	Trust: 0.6
db:	CNVD	id:	CNVD-2012-0826	Trust: 0.6
db:	CNVD	id:	CNVD-2012-0827	Trust: 0.6
db:	CNVD	id:	CNVD-2012-0823	Trust: 0.6
db:	CNNVD	id:	CNNVD-201202-444	Trust: 0.6
db:	PACKETSTORM	id:	110028	Trust: 0.1

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001570 // PACKETSTORM: 110028 // CNNVD: CNNVD-201202-444 // NVD: CVE-2012-1290

REFERENCES

url:	http://secunia.com/advisories/47861/	Trust: 3.1
url:	http://dsecrg.com/pages/vul/show.php?id=414	Trust: 2.0
url:	https://service.sap.com/sap/support/notes/1583300	Trust: 1.6
url:	http://www.securityfocus.com/bid/52101	Trust: 1.6
url:	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a	Trust: 1.6
url:	http://secunia.com/advisories/47861	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1290	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1290	Trust: 0.8
url:	http://dsecrg.com/pages/vul/show.php?id=413	Trust: 0.4
url:	http://dsecrg.com/pages/vul/show.php?id=415	Trust: 0.4
url:	http://dsecrg.com/pages/vul/show.php?id=416	Trust: 0.4
url:	http://dsecrg.com/pages/vul/show.php?id=412	Trust: 0.4
url:	http://www.sap.com/	Trust: 0.3
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://www.rsaconference.com/events/2012/usa/index.htm	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47861	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/47861/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-0825 // CNVD: CNVD-2012-0822 // CNVD: CNVD-2012-0826 // CNVD: CNVD-2012-0827 // CNVD: CNVD-2012-0823 // BID: 52101 // JVNDB: JVNDB-2012-001570 // PACKETSTORM: 110028 // CNNVD: CNNVD-201202-444 // NVD: CVE-2012-1290

CREDITS

Dmitriy Chastukhin of Digital Security Research Group.

Trust: 0.3

sources: BID: 52101

SOURCES

db:	CNVD	id:	CNVD-2012-0825
db:	CNVD	id:	CNVD-2012-0822
db:	CNVD	id:	CNVD-2012-0826
db:	CNVD	id:	CNVD-2012-0827
db:	CNVD	id:	CNVD-2012-0823
db:	BID	id:	52101
db:	JVNDB	id:	JVNDB-2012-001570
db:	PACKETSTORM	id:	110028
db:	CNNVD	id:	CNNVD-201202-444
db:	NVD	id:	CVE-2012-1290

LAST UPDATE DATE

2024-11-23T22:14:05.197000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0825	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0822	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0826	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0827	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0823	date:	2012-02-23T00:00:00
db:	BID	id:	52101	date:	2012-02-27T20:40:00
db:	JVNDB	id:	JVNDB-2012-001570	date:	2012-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201202-444	date:	2012-02-24T00:00:00
db:	NVD	id:	CVE-2012-1290	date:	2024-11-21T01:36:46.737

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-0825	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0822	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0826	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0827	date:	2012-02-23T00:00:00
db:	CNVD	id:	CNVD-2012-0823	date:	2012-02-23T00:00:00
db:	BID	id:	52101	date:	2012-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2012-001570	date:	2012-02-27T00:00:00
db:	PACKETSTORM	id:	110028	date:	2012-02-21T06:09:48
db:	CNNVD	id:	CNNVD-201202-444	date:	2012-02-24T00:00:00
db:	NVD	id:	CVE-2012-1290	date:	2012-02-23T20:07:25.907