Details of VAR-201604-0101

ID

VAR-201604-0101

CVE

CVE-2016-3973

TITLE

SAP NetWeaver Java AS Vulnerability in the acquisition of important user information in the chat function of the real-time collaboration service

Trust: 0.8

sources: JVNDB: JVNDB-2016-002000

DESCRIPTION

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. SAP NetWeaver is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. SAP Netweaver 7.4 is vulnerable; other versions may also be affected

Trust: 1.89

sources: NVD: CVE-2016-3973 // JVNDB: JVNDB-2016-002000 // BID: 85943

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver application server java	scope:	lte	version:	7.50	Trust: 1.0
vendor:	sap	model:	netweaver application server java	scope:	gte	version:	7.10	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	7.1 to 7.5	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.40	Trust: 0.6

sources: JVNDB: JVNDB-2016-002000 // CNNVD: CNNVD-201604-094 // NVD: CVE-2016-3973

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3973
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3973
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201604-094
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-3973
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2016-3973
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2016-3973
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2016-002000 // CNNVD: CNNVD-201604-094 // NVD: CVE-2016-3973

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-002000 // NVD: CVE-2016-3973

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-094

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002000

PATCH

title:	SAP Security Note 2255990	url:	http://scn.sap.com/docs/DOC-55451	Trust: 0.8
title:	SAP NetWeaver AS Java Real-Time Collaboration Repair measures for service security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60825	Trust: 0.6

sources: JVNDB: JVNDB-2016-002000 // CNNVD: CNNVD-201604-094

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3973	Trust: 2.7
db:	PACKETSTORM	id:	137579	Trust: 1.6
db:	JVNDB	id:	JVNDB-2016-002000	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-094	Trust: 0.6
db:	BID	id:	85943	Trust: 0.3

sources: BID: 85943 // JVNDB: JVNDB-2016-002000 // CNNVD: CNNVD-201604-094 // NVD: CVE-2016-3973

REFERENCES

url:	https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/	Trust: 1.6
url:	http://seclists.org/fulldisclosure/2016/jun/46	Trust: 1.6
url:	http://packetstormsecurity.com/files/137579/sap-netweaver-as-java-7.5-information-disclosure.html	Trust: 1.6
url:	https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3973	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3973	Trust: 0.8
url:	https://erpscan.com/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/	Trust: 0.8
url:	http://www.sap.com	Trust: 0.3

sources: BID: 85943 // JVNDB: JVNDB-2016-002000 // CNNVD: CNNVD-201604-094 // NVD: CVE-2016-3973

CREDITS

Vahagn Vardanyan (ERPScan).

Trust: 0.3

sources: BID: 85943

SOURCES

db:	BID	id:	85943
db:	JVNDB	id:	JVNDB-2016-002000
db:	CNNVD	id:	CNNVD-201604-094
db:	NVD	id:	CVE-2016-3973

LAST UPDATE DATE

2024-11-23T22:45:50.453000+00:00

SOURCES UPDATE DATE

db:	BID	id:	85943	date:	2016-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-002000	date:	2016-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201604-094	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2016-3973	date:	2024-11-21T02:51:03.727

SOURCES RELEASE DATE

db:	BID	id:	85943	date:	2016-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-002000	date:	2016-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201604-094	date:	2016-04-08T00:00:00
db:	NVD	id:	CVE-2016-3973	date:	2016-04-07T19:59:04.377