ID

VAR-201302-0414


TITLE

SAP J2EE Core Service Arbitrary File Access Vulnerability

Trust: 0.8

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01356

DESCRIPTION

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP J2EE core services provide various features through different protocols. A service lacks proper authentication and authorization, allowing remote unauthenticated attackers to read and write arbitrary files in the SIDADM user context.

Trust: 0.72

sources: CNVD: CNVD-2013-01356 // IVD: 092a042e-1f34-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.8

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01356

AFFECTED PRODUCTS

vendor: sap model: netweaver scope: eq version: 7.x

Trust: 0.6

vendor: sap model: j2ee core services scope: - version: -

Trust: 0.6

vendor: sap model: netweaver scope: eq version: 7.x*

Trust: 0.2

vendor: sap model: j2ee core services null scope: eq version: *

Trust: 0.2

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01356

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 092a042e-1f34-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 092a042e-1f34-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d

TYPE

Permission and access control errors

Trust: 0.2

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d

PATCH

title: SAP J2EE Core Service Patch for Any File Access Vulnerability url: https://www.cnvd.org.cn/patchinfo/show/32379

Trust: 0.6

sources: CNVD: CNVD-2013-01356

EXTERNAL IDS

db: CNVD id: CNVD-2013-01356

Trust: 0.8

db: IVD id: 092A042E-1F34-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 092a042e-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01356

REFERENCES

url: http://archives.neohapsis.com/archives/bugtraq/2013-02/0133.html

Trust: 0.6

sources: CNVD: CNVD-2013-01356

SOURCES

db: IVD id: 092a042e-1f34-11e6-abef-000c29c66e3d
db: CNVD id: CNVD-2013-01356

LAST UPDATE DATE

2022-05-17T01:48:05.536000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2013-01356 date: 2013-02-28T00:00:00

SOURCES RELEASE DATE

db: IVD id: 092a042e-1f34-11e6-abef-000c29c66e3d date: 2013-02-28T00:00:00
db: CNVD id: CNVD-2013-01356 date: 2013-02-28T00:00:00