CVE-2016-3635
https://notcve.org/view.php?id=CVE-2016-3635
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
• http://seclists.org/fulldisclosure/2016/Oct/48
• http://www.securityfocus.com/bid/93501
• https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass
• CWE-284: Improper Access Control
CVE-2016-7435 – SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection
https://notcve.org/view.php?id=CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP function does not correctly sanitize variables used when executing a CALL 'SYSTEM' statement, allowing an attacker with particular privileges to execute any arbitrary OS command.
• http://seclists.org/fulldisclosure/2016/Oct/0
• http://seclists.org/fulldisclosure/2016/Oct/1
• http://seclists.org/fulldisclosure/2016/Oct/2
• http://www.securityfocus.com/bid/93272
• https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016
• https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv
• https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp
• https://www.onapsis.com/research/security-advisories/sap-os-comm
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-2389 – SAP xMII 15.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
• https://www.exploit-db.com/exploits/39837
• http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
• http://seclists.org/fulldisclosure/2016/May/40
• https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability
• https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-2387
https://notcve.org/view.php?id=CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.
• http://packetstormsecurity.com/files/137045/SAP-NetWeaver-AS-JAVA-7.4-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2016/May/39
• https://erpscan.io/advisories/erpscan-16-008-sap-netweaver-7-4-proxyserver-servlet-xss-vulnerability
• https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2386 – SAP NetWeaver SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability.
• https://www.exploit-db.com/exploits/43495
• https://www.exploit-db.com/exploits/39840
• https://github.com/murataydemir/CVE-2016-2386
• http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html
• http://seclists.org/fulldisclosure/2016/May/56
• https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability
• https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review
• https://github.com/vah13/SAP_exploit
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')