CVSS: 6.5EPSS: 91%CPEs: 1EXPL: 0CVE-2016-9563 – SAP NetWeaver XML External Entity (XXE) Vulnerability
https://notcve.org/view.php?id=CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. BC-BMT-BPM-DSK en SAP NetWeaver AS JAVA 7.5 permite a usuarios remotos autenticados llevar a cabo ataques XML External Entity (XXE) a través de la URI sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn, vulnerabilidad también conocida como SAP Security Note 2296909. SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks. • http://www.securityfocus.com/bid/92419 https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component https://launchpad.support.sap.com/#/notes/2296909 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9562
https://notcve.org/view.php?id=CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. SAP NetWeaver AS JAVA 7.4 permite a atacantes remotos provocar una denegación de servicio (excepción de puntero nulo e interrupción de icman) a través de una petición HTTPS a la URI sap.com~P4TunnelingApp!web/myServlet, vulnerabilidad también conocida como SAP Security Note 2313835. • http://www.securityfocus.com/bid/92418 http://www.securityfocus.com/bid/95363 https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 0CVE-2010-5326 – SAP NetWeaver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. El Invoker Servlet sobre plataformas SAP NetWeaver Application Server Java, posiblemente en versiones anteriores a 7.3, no requiere autenticación, loq ue permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP o HTTPS, según se ha explotado activamente desde 2013 hasta 2016, también conocido como un ataque "Detour". SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request. • http://service.sap.com/sap/support/notes/1445998 http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions http://www.securityfocus.com/bid/48925 http://www.securityfocus.com/bid/90533 http://www.us-cert.gov/ncas/alerts/TA16-132A https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8840
https://notcve.org/view.php?id=CVE-2015-8840
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. El XML Data Archiving Service (XML DAS) en SAP NetWeaver AS Java no comprueba la autorización, lo que permite a usuarios remotos autenticados obtener información sensible, obtener privilegios o posiblemente tener otro impacto no especificado a través de peticiones (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp o (3) webcontent/aas/aas_store.jsp, también conocido como SAP Security Note 1945215. • http://scn.sap.com/community/security/blog/2015/07/15/sap-security-notes-july-2015 https://erpscan.io/advisories/erpscan-15-017-sap-netweaver-j2ee-das-service-unauthorized-access • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 3CVE-2016-3976 – SAP NetWeaver Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Vulnerabilidad de salto de directorio en SAP NetWeaver AS Java 7.1 hasta la versión 7.5 permite a atacantes remotos leer archivos arbitrarios a través de ..\ (punto punto barra invertida) en el parámetro fileName para CrashFileDownloadServlet, también conocida como SAP Security Note 2234971. SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability. SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files. • https://www.exploit-db.com/exploits/39996 http://packetstormsecurity.com/files/137528/SAP-NetWeaver-AS-JAVA-7.5-Directory-Traversal.html http://seclists.org/fulldisclosure/2016/Jun/40 https://erpscan.io/advisories/erpscan-16-012 https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review https://launchpad.support.sap.com/#/notes/2234971 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •