Details of VAR-201302-0013

ID

VAR-201302-0013

CVE

CVE-2011-5260

TITLE

SAP NetWeaver Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2011-4912 // CNNVD: CNNVD-201302-162

DESCRIPTION

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"<STRING>\" parameter. The \"instname\" parameter passed to the VsiTestScan servlet in the virus scanning interface and the input of the \"name\" parameter in the VsiTestServlet servlet are missing filtering before returning to the user, which can lead to cross-site scripting attacks. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions

Trust: 5.67

sources: NVD: CVE-2011-5260 // JVNDB: JVNDB-2013-001560 // CNVD: CNVD-2011-4916 // CNVD: CNVD-2011-4917 // CNVD: CNVD-2011-4915 // CNVD: CNVD-2011-4912 // CNVD: CNVD-2011-4914 // CNVD: CNVD-2011-4913 // CNVD: CNVD-2011-4911 // BID: 50680

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 4.2

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.0	Trust: 6.9
vendor:	sap	model:	netweaver sp15	scope:	eq	version:	7.0	Trust: 4.5
vendor:	sap	model:	netweaver sp8	scope:	eq	version:	7.0	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.10	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.30	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.02	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	7.01	Trust: 4.5
vendor:	sap	model:	netweaver	scope:	eq	version:	4.0	Trust: 2.4
vendor:	sap	model:	netweaver	scope:	eq	version:	6.4	Trust: 2.4
vendor:	sap	model:	netweaver	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	netweaver	scope:	eq	version:	7.0 ehp1	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.0 ehp2	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.0 sp15	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.0 sp8	Trust: 0.8

sources: CNVD: CNVD-2011-4916 // CNVD: CNVD-2011-4917 // CNVD: CNVD-2011-4915 // CNVD: CNVD-2011-4912 // CNVD: CNVD-2011-4914 // CNVD: CNVD-2011-4913 // CNVD: CNVD-2011-4911 // BID: 50680 // JVNDB: JVNDB-2013-001560 // CNNVD: CNNVD-201302-162 // NVD: CVE-2011-5260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-5260
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-5260
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201302-162
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2011-5260
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-001560 // CNNVD: CNNVD-201302-162 // NVD: CVE-2011-5260

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-001560 // NVD: CVE-2011-5260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-162

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201302-162

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001560

PATCH

title:	Archive for Acknowledgments to Security Researchers	url:	http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4	Trust: 0.8
title:	Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5913	Trust: 0.6
title:	Patch for SAP NetWeaver Feature Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5922	Trust: 0.6
title:	Patch for SAP NetWeaver Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5912	Trust: 0.6
title:	Patch for SAP NetWeaver Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5909	Trust: 0.6
title:	Patch for SAP NetWeaver Path Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5911	Trust: 0.6
title:	Patch for SAP NetWeaver 'page' parameter cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/5910	Trust: 0.6
title:	SAP Netweaver Script Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/5908	Trust: 0.6

EXTERNAL IDS

db:	BID	id:	50680	Trust: 4.5
db:	NVD	id:	CVE-2011-5260	Trust: 2.7
db:	JVNDB	id:	JVNDB-2013-001560	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4916	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4917	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4915	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4912	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4914	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4913	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4911	Trust: 0.6
db:	BUGTRAQ	id:	20111117 [DSECRG-11-037] SAP BW DOC - MULTIPLE XSS	Trust: 0.6
db:	CNNVD	id:	CNNVD-201302-162	Trust: 0.6

REFERENCES

url:	http://dsecrg.com/pages/vul/show.php?id=337	Trust: 1.9
url:	http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/520555/100/0/threaded	Trust: 1.0
url:	https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/	Trust: 1.0
url:	http://dsecrg.com/pages/vul/show.php?id=341	Trust: 0.9
url:	http://dsecrg.com/pages/vul/show.php?id=335	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5260	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5260	Trust: 0.8
url:	http://dsecrg.com/pages/vul/show.php?id=340http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=339http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=336http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=338http	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=337http	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/520555/100/0/threaded	Trust: 0.6
url:	http://erpscan.com/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=336	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=339	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=340	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=338	Trust: 0.3
url:	http://www.sap.com/platform/netweaver/index.epx	Trust: 0.3

CREDITS

Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)

Trust: 0.3

sources: BID: 50680

SOURCES

db:	CNVD	id:	CNVD-2011-4916
db:	CNVD	id:	CNVD-2011-4917
db:	CNVD	id:	CNVD-2011-4915
db:	CNVD	id:	CNVD-2011-4912
db:	CNVD	id:	CNVD-2011-4914
db:	CNVD	id:	CNVD-2011-4913
db:	CNVD	id:	CNVD-2011-4911
db:	BID	id:	50680
db:	JVNDB	id:	JVNDB-2013-001560
db:	CNNVD	id:	CNNVD-201302-162
db:	NVD	id:	CVE-2011-5260

LAST UPDATE DATE

2024-11-23T23:10:03.431000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4916	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4917	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4915	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4912	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4914	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4913	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4911	date:	2011-11-16T00:00:00
db:	BID	id:	50680	date:	2013-02-14T12:21:00
db:	JVNDB	id:	JVNDB-2013-001560	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-162	date:	2013-02-18T00:00:00
db:	NVD	id:	CVE-2011-5260	date:	2024-11-21T01:34:00.410

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4916	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4917	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4915	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4912	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4914	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4913	date:	2011-11-16T00:00:00
db:	CNVD	id:	CNVD-2011-4911	date:	2011-11-16T00:00:00
db:	BID	id:	50680	date:	2011-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-001560	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-162	date:	2013-02-18T00:00:00
db:	NVD	id:	CVE-2011-5260	date:	2013-02-12T20:55:03.653