Lucene search

[email protected]CVE-2015-5067

HistoryJun 24, 2015 - 2:59 p.m.

CVE-2015-5067

2015-06-2414:59:09

CWE-255

[email protected]

web.nvd.nist.gov

sap

netweaver

hardcoded credentials

vulnerability

cve-2015-5067

nvd

sap security notes

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

Affected configurations

NVD

Node

sapnetweaverMatch-

CPENameOperatorVersion
sap:netweaversap netweavereq-

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	-

References

packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html

packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html

scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015

www.securityfocus.com/bid/75165

erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials/

erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2015-5067

cvelist1 prion1 nvd1