Details of VAR-201708-1661

ID

VAR-201708-1661

TITLE

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability

Trust: 0.3

sources: BID: 100170

DESCRIPTION

SAP NetWeaver Visual Composer is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition.

Trust: 0.3

sources: BID: 100170

AFFECTED PRODUCTS

vendor:	sap	model:	visual composer	scope:	eq	version:	7.31	Trust: 0.3
vendor:	sap	model:	visual composer	scope:	eq	version:	7.30	Trust: 0.3
vendor:	sap	model:	visual composer	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	visual composer	scope:	eq	version:	7.01	Trust: 0.3
vendor:	sap	model:	visual composer	scope:	eq	version:	7.00	Trust: 0.3
vendor:	sap	model:	vcframework	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	vcframework	scope:	eq	version:	7.01	Trust: 0.3
vendor:	sap	model:	vcframework	scope:	eq	version:	7.00	Trust: 0.3
vendor:	sap	model:	vc70runtime	scope:	eq	version:	7.50	Trust: 0.3
vendor:	sap	model:	vc70runtime	scope:	eq	version:	7.40	Trust: 0.3
vendor:	sap	model:	vc70runtime	scope:	eq	version:	7.31	Trust: 0.3
vendor:	sap	model:	vc70runtime	scope:	eq	version:	7.30	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	eq	version:	0	Trust: 0.3

sources: BID: 100170

THREAT TYPE

network

Trust: 0.3

sources: BID: 100170

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 100170

EXTERNAL IDS

db:

BID

id:

100170

Trust: 0.3

sources: BID: 100170

REFERENCES

url:	http://www.sap.com/	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/2376081	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/2552318	Trust: 0.3
url:	https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/	Trust: 0.3
url:	https://blogs.sap.com/2017/08/08/sap-security-patch-day-august-2017/	Trust: 0.3

sources: BID: 100170

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100170

SOURCES

db:

BID

id:

100170

LAST UPDATE DATE

2022-05-17T02:08:57.651000+00:00

SOURCES UPDATE DATE

db:

BID

id:

100170

date:

2018-04-11T09:00:00

SOURCES RELEASE DATE

db:

BID

id:

100170

date:

2017-08-08T00:00:00