ID
VAR-201211-0614
TITLE
SAP NetWeaver MMC Cross Site Request Forgery Vulnerability
Trust: 0.3
sources:
BID: 57653
DESCRIPTION
SAP NetWeaver is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Trust: 0.3
sources:
BID: 57653
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.0 | Trust: 0.3 |
sources:
BID: 57653
THREAT TYPE
network
Trust: 0.3
sources:
BID: 57653
TYPE
Design Error
Trust: 0.3
sources:
BID: 57653
EXTERNAL IDS
| db: | BID | id: | 57653 | Trust: 0.3 |
sources:
BID: 57653
REFERENCES
| url: | http://erpscan.com/advisories/dsecrg-12-051-sap-netweaver-mmc-csrf/ | Trust: 0.3 |
| url: | http://www.sap.com/platform/netweaver/index.epx | Trust: 0.3 |
sources:
BID: 57653
CREDITS
Alexey Tyurin, ERPScan
Trust: 0.3
sources:
BID: 57653
SOURCES
| db: | BID | id: | 57653 |
LAST UPDATE DATE
2022-05-17T02:02:36.162000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 57653 | date: | 2012-11-13T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 57653 | date: | 2012-11-13T00:00:00 |