Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: SAP, three vulnerabilities

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can use three vulnerabilities of the SAP environment, in order to obtain sensitive information, or to execute some actions.

Severity: 2/4

Consequences: user access/rights, data reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 11/02/2010

IMPACTED PRODUCTS

- SAP ERP
- SAP NetWeaver

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in the SAP environment.

When the Java Message-Driven Bean example is installed, an attacker can read files located on the server. [severity:2/4; 1421523, ONAPSIS-2010-002]

An attacker can generate a Cross Site Scripting in WebDynpro, in order for example to obtain sensitive information. [severity:2/4; 1424863, BID-38181, ONAPSIS-2010-003]

An attacker can send an email to a victim authenticated to a SAP J2EE application, in order to execute some actions. [severity:2/4; 1175239, BID-38183, ONAPSIS-2010-004]

CHARACTERISTICS

Identifiers: 1175239, 1421523, 1424863, BID-38181, BID-38183, ONAPSIS-2010-002, ONAPSIS-2010-003, ONAPSIS-2010-004, VIGILANCE-VUL-9444

http://vigilance.fr/vulnerability/S...




See previous articles

    

See next articles