Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: SAP, three vulnerabilities

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can use three vulnerabilities of the SAP environment,
in order to obtain sensitive information, or to execute some
actions.

Severity: 2/4

Consequences: user access/rights, data reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 11/02/2010

IMPACTED PRODUCTS

 SAP ERP
 SAP NetWeaver

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in the SAP environment.

When the Java Message-Driven Bean example is installed, an
attacker can read files located on the server. [severity:2/4;
1421523, ONAPSIS-2010-002]

An attacker can generate a Cross Site Scripting in WebDynpro, in
order for example to obtain sensitive information. [severity:2/4;
1424863, BID-38181, ONAPSIS-2010-003]

An attacker can send an email to a victim authenticated to a SAP
J2EE application, in order to execute some actions. [severity:2/4;
1175239, BID-38183, ONAPSIS-2010-004]

CHARACTERISTICS

Identifiers: 1175239, 1421523, 1424863, BID-38181, BID-38183,
ONAPSIS-2010-002, ONAPSIS-2010-003, ONAPSIS-2010-004,
VIGILANCE-VUL-9444

http://vigilance.fr/vulnerability/SAP-three-vulnerabilities-9444


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts