Details of VAR-201212-0415

ID

VAR-201212-0415

TITLE

SAP NetWeaver SPML Service XML Parser Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 57533

DESCRIPTION

SAP NetWeaver is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. SAP NetWeaver 6.40 and 7.02 are vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 57533

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	eq	version:	6.40	Trust: 0.3

sources: BID: 57533

THREAT TYPE

network

Trust: 0.3

sources: BID: 57533

TYPE

Design Error

Trust: 0.3

sources: BID: 57533

EXTERNAL IDS

db:

BID

id:

57533

Trust: 0.3

sources: BID: 57533

REFERENCES

url:	http://erpscan.com/advisories/dsecrg-12-043-sap-netweaver-spml-xml-external-entity/	Trust: 0.3
url:	http://www.sap.com/platform/netweaver/index.epx	Trust: 0.3

sources: BID: 57533

CREDITS

Alexey Tyurin of ERPScan

Trust: 0.3

sources: BID: 57533

SOURCES

db:

BID

id:

57533

LAST UPDATE DATE

2022-05-17T01:55:58.521000+00:00

SOURCES UPDATE DATE

db:

BID

id:

57533

date:

2012-12-15T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

57533

date:

2012-12-15T00:00:00