CVE-2012-1289
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
Múltiples vulnerabilidades de salto de directorio en la plataforma SAP NetWeaver v7.0 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro logfilename a (1) b2b/admin/log.jsp o (2) b2b/admin/log_view.jsp en las ventas por Internet (crm.b2b), componente, o (3) ipc / admin log / . jsp o (4) los componentes del IPC / admin / log_view.jsp en la Administración de aplicaciones (com.sap.ipc.webapp.ipc) ..
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-02-23 CVE Reserved
- 2012-02-23 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a | X_refsource_confirm | |
| http://www.securityfocus.com/bid/52101 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73346 | Vdb Entry | |
| https://service.sap.com/sap/support/notes/1585527 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| http://dsecrg.com/pages/vul/show.php?id=412 | 2024-08-06 | |
| http://dsecrg.com/pages/vul/show.php?id=413 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/47861 | 2017-08-29 |