ID
VAR-201709-1268
TITLE
SAP NetWeaver Unspecified SQL Injection Vulnerability
Trust: 0.3
sources:
BID: 100911
DESCRIPTION
SAP NetWeaver is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Trust: 0.3
sources:
BID: 100911
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
BID: 100911
THREAT TYPE
network
Trust: 0.3
sources:
BID: 100911
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 100911
EXTERNAL IDS
| db: | BID | id: | 100911 | Trust: 0.3 |
sources:
BID: 100911
REFERENCES
| url: | http://www.sap.com | Trust: 0.3 |
| url: | https://help.sap.com/nw_platform | Trust: 0.3 |
| url: | https://launchpad.support.sap.com/#/notes/2453642 | Trust: 0.3 |
| url: | https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/ | Trust: 0.3 |
sources:
BID: 100911
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 100911
SOURCES
| db: | BID | id: | 100911 |
LAST UPDATE DATE
2022-05-17T02:02:25.544000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 100911 | date: | 2017-09-12T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 100911 | date: | 2017-09-12T00:00:00 |