Sign-up

ID

VAR-201302-0413


TITLE

SAP NetWeaver MMC Request forgery vulnerability

Trust: 0.8

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00692

DESCRIPTION

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context, such as executing shell commands

Trust: 0.72

sources: CNVD: CNVD-2013-00692 // IVD: 55107454-1f39-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00692

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.x

Trust: 0.8

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00692

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 55107454-1f39-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: 55107454-1f39-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d

PATCH

title:SAP NetWeaver MMC Request Patch for Forgery Vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/31380

Trust: 0.6

sources: CNVD: CNVD-2013-00692

EXTERNAL IDS

db:CNVDid:CNVD-2013-00692

Trust: 0.8

db:IVDid:55107454-1F39-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 55107454-1f39-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00692

REFERENCES

url:http://erpscan.com/advisories/dsecrg-12-051-sap-netweaver-mmc-csrf/http

Trust: 0.6

sources: CNVD: CNVD-2013-00692

SOURCES

db:IVDid:55107454-1f39-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-00692

LAST UPDATE DATE

2022-05-17T02:09:07.310000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-00692date:2013-05-26T00:00:00

SOURCES RELEASE DATE

db:IVDid:55107454-1f39-11e6-abef-000c29c66e3ddate:2013-02-04T00:00:00
db:CNVDid:CNVD-2013-00692date:2013-02-04T00:00:00