Details of VAR-201604-0103

ID

VAR-201604-0103

CVE

CVE-2016-3975

TITLE

SAP NetWeaver AS Java Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-002002

DESCRIPTION

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver 7.4 is vulnerable; other versions may also be affected

Trust: 1.89

sources: NVD: CVE-2016-3975 // JVNDB: JVNDB-2016-002002 // BID: 85945

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver application server java	scope:	lte	version:	7.50	Trust: 1.0
vendor:	sap	model:	netweaver application server java	scope:	gte	version:	7.10	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	7.1 to 7.5	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.40	Trust: 0.6

sources: JVNDB: JVNDB-2016-002002 // CNNVD: CNNVD-201604-096 // NVD: CVE-2016-3975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3975
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3975
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201604-096
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-3975
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2016-3975
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2016-3975
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2016-002002 // CNNVD: CNNVD-201604-096 // NVD: CVE-2016-3975

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2016-002002 // NVD: CVE-2016-3975

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-096

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201604-096

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002002

PATCH

title:	SAP Security Note 2238375	url:	http://scn.sap.com/docs/DOC-55451	Trust: 0.8
title:	SAP NetWeaver AS Java Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60827	Trust: 0.6

sources: JVNDB: JVNDB-2016-002002 // CNNVD: CNNVD-201604-096

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3975	Trust: 2.7
db:	PACKETSTORM	id:	137529	Trust: 1.6
db:	JVNDB	id:	JVNDB-2016-002002	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-096	Trust: 0.6
db:	BID	id:	85945	Trust: 0.3

sources: BID: 85945 // JVNDB: JVNDB-2016-002002 // CNNVD: CNNVD-201604-096 // NVD: CVE-2016-3975

REFERENCES

url:	https://erpscan.io/advisories/erpscan-16-014-sap-netweaver-7-4-navigationurltester/	Trust: 1.6
url:	http://packetstormsecurity.com/files/137529/sap-netweaver-as-java-7.5-cross-site-scripting.html	Trust: 1.6
url:	http://seclists.org/fulldisclosure/2016/jun/42	Trust: 1.6
url:	https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3975	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3975	Trust: 0.8
url:	https://erpscan.com/advisories/erpscan-16-014-sap-netweaver-7-4-navigationurltester/	Trust: 0.8

sources: JVNDB: JVNDB-2016-002002 // CNNVD: CNNVD-201604-096 // NVD: CVE-2016-3975

CREDITS

Vahagn Vardanyan (ERPScan)

Trust: 0.3

sources: BID: 85945

SOURCES

db:	BID	id:	85945
db:	JVNDB	id:	JVNDB-2016-002002
db:	CNNVD	id:	CNNVD-201604-096
db:	NVD	id:	CVE-2016-3975

LAST UPDATE DATE

2024-11-23T22:07:51.805000+00:00

SOURCES UPDATE DATE

db:	BID	id:	85945	date:	2016-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-002002	date:	2016-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201604-096	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2016-3975	date:	2024-11-21T02:51:04.037

SOURCES RELEASE DATE

db:	BID	id:	85945	date:	2016-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-002002	date:	2016-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201604-096	date:	2016-04-08T00:00:00
db:	NVD	id:	CVE-2016-3975	date:	2016-04-07T19:59:06.087