
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP NetWeaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. The SCTC_REFRESH_EXPORT_TAB_COMP function in SAP NetWeaver 7.40 SP 12 does not correctly sanitize the variables used when executing a CALL 'SYSTEM' statement, allowing an attacker with particular privileges to execute arbitrary OS commands.
• http://seclists.org/fulldisclosure/2016/Oct/0
• http://seclists.org/fulldisclosure/2016/Oct/1
• http://seclists.org/fulldisclosure/2016/Oct/2
• http://www.securityfocus.com/bid/93272
• https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016
• https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv
• https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp
• https://www.onapsis.com/research/security-advisories/sap-os-comm
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 21% | CPEs: 1 | EXPL: 0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. The SAP NetWeaver Application Server Java Invoker Servlet does not require authentication, allowing remote code execution via an HTTP or HTTPS request.
• http://service.sap.com/sap/support/notes/1445998
• http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions
• http://www.securityfocus.com/bid/48925
• http://www.securityfocus.com/bid/90533
• http://www.us-cert.gov/ncas/alerts/TA16-132A
• https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications

CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
• https://erpscan.io/advisories/erpscan-16-019-sap-netweaver-enqueue-server-dos-vulnerability
• https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016

CVSS: 9.0 | EPSS: 1% | CPEs: 1 | EXPL: 3

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack.
• https://github.com/murataydemir/CVE-2016-4014
• http://packetstormsecurity.com/files/137919/SAP-NetWeaver-AS-JAVA-7.4-XXE-Injection.html
• http://seclists.org/fulldisclosure/2016/Jul/45
• https://erpscan.io/advisories/erpscan-16-020-sap-netweaver-java-uddi-component-xxe-vulnerability
• https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
• http://scn.sap.com/community/security/blog/2015/07/15/sap-security-notes-july-2015
• https://erpscan.io/advisories/erpscan-15-017-sap-netweaver-j2ee-das-service-unauthorized-access
• CWE-862: Missing Authorization