ID

VAR-201303-0439


TITLE

SAP NetWeaver CA-CL SMB Relay Arbitrary File Disclosure Vulnerability

Trust: 0.9

sources: BID: 58612 // CNNVD: CNNVD-201303-526

DESCRIPTION

SAP NetWeaver is a next-generation service-based platform that will serve as the foundation for all future SAP applications. The Classification (CA-CL) component of SAP NetWeaver 7.30 and others contains a file disclosure vulnerability. By means of an SMB relay attack, a remote attacker can exploit this issue to obtain arbitrary files from the SAP server file system, in the context of the application. This may aid in further attacks. SAP NetWeaver 7.30 is vulnerable; other versions may also be affected.

Trust: 0.99

sources: CNVD: CNVD-2013-02049 // BID: 58612 // IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02049

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: 7.3

Trust: 0.8

vendor: sap, model: netweaver, scope: eq, version: 7.30

Trust: 0.3

sources: IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02049 // BID: 58612

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02049
value: MEDIUM

Trust: 0.6

IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-02049
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02049

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-526

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201303-526

PATCH

title: SAP NetWeaver CA-CL SMB Relay Patch for Any File Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/32984

Trust: 0.6

sources: CNVD: CNVD-2013-02049

EXTERNAL IDS

db: BID, id: 58612

Trust: 1.5

db: CNVD, id: CNVD-2013-02049

Trust: 0.8

db: CNNVD, id: CNNVD-201303-526

Trust: 0.6

db: IVD, id: A0983BB4-1F2F-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: a0983bb4-1f2f-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02049 // BID: 58612 // CNNVD: CNNVD-201303-526

REFERENCES

url:http://www.securelist.com/en/advisories/52699

Trust: 0.6

url:http://www.securityfocus.com/bid/58612

Trust: 0.6

url:http://erpscan.com/advisories/dsecrg-13-007-sap-netweaver-classification-smb-relay-vulnerability/

Trust: 0.3

url:http://www.sap.com/

Trust: 0.3

url:https://websmp230.sap-ag.de/sap/support/notes/1807196

Trust: 0.3

sources: CNVD: CNVD-2013-02049 // BID: 58612 // CNNVD: CNNVD-201303-526

CREDITS

Nikolay Mescherin (ERPScan)

Trust: 0.9

sources: BID: 58612 // CNNVD: CNNVD-201303-526

SOURCES

db: IVD, id: a0983bb4-1f2f-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-02049
db: BID, id: 58612
db: CNNVD, id: CNNVD-201303-526

LAST UPDATE DATE

2022-05-17T01:55:57.931000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02049, date: 2013-05-28T00:00:00
db: BID, id: 58612, date: 2013-03-12T00:00:00
db: CNNVD, id: CNNVD-201303-526, date: 2013-03-27T00:00:00

SOURCES RELEASE DATE

db: IVD, id: a0983bb4-1f2f-11e6-abef-000c29c66e3d, date: 2013-03-25T00:00:00
db: CNVD, id: CNVD-2013-02049, date: 2013-03-25T00:00:00
db: BID, id: 58612, date: 2013-03-12T00:00:00
db: CNNVD, id: CNNVD-201303-526, date: 2013-03-27T00:00:00