ID ERPSCAN-14-012
Type erpscan
Reporter ERPScan
Modified 2014-05-30T00:00:00
Description
None
{"type": "erpscan", "published": "2014-05-30T00:00:00", "href": "https://erpscan.com/advisories/erpscan-14-012-sap-netweaver-dispatcher-multiple-vulnerabilities-rce-dos/", "objectVersion": "1.2", "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "hash": "0f549c2eb242d433e2cf3408998bbad7818e86c9c759e87cb120daf4fe89f0ae", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-3976"]}], "modified": "2017-04-02T11:20:35"}, "vulnersScore": 7.5}, "lastseen": "2017-04-02T11:20:35", "viewCount": 4, "id": "ERPSCAN-14-012", "history": [{"lastseen": "2017-01-08T12:24:42", "edition": 1, "bulletin": {"type": "erpscan", "published": "2014-08-21T18:04:32", "href": "https://erpscan.com/advisories/erpscan-14-012-sap-netweaver-dispatcher-multiple-vulnerabilities-rce-dos/", "objectVersion": "1.2", "bulletinFamily": "info", "id": "ERPSCAN-14-012", "cvss": {"vector": "NONE", "score": 0.0}, "hash": "f5e6a0e014921e8ab32091116a51c1b7151b8afd133774e6b9aa20151f2dd808", "lastseen": "2017-01-08T12:24:42", "viewCount": 3, "cvelist": [], "history": [], "references": [], "edition": 1, "hashmap": [{"key": "published", "hash": "eae06b14d9836032d4dc2cbbeb255b62"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "modified", "hash": "7bfc14397ca486480b777dd5f4851f34"}, {"key": "title", "hash": "82a723154e213e5d48c956241267fa7e"}, {"key": "description", "hash": "cba8176073ab47a98d80ca1a3bc9e4cd"}, {"key": "href", "hash": "f27293a38de01acdcf3acc02f10312ab"}], "reporter": "ERPScan", "modified": "2015-02-19T15:14:57", "title": "SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS", "description": "**Application:** SAP NetWeaver Dispatcher \n**Versions Affected:** SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966) \n**Vendor URL:** [http://www.sap.com ](<http://www.sap.com>) \n**Bugs:** Buffer overflow [CWE-119], Integer overflow [CWE-190], Improper Input Validation [CWE-20] \n**CVSS:** AV:N/AC:H/Au:S/C:C/I:C/A:C (7.1) \n**Exploits:** PoC \n**Reported:** 30.05.2014 \n**Vendor response:** 02.06.2014 \n**Date of Public Advisory:** 21.08.2014 \n**Reference:** SAP Security Note [2025931](<https://service.sap.com/sap/support/notes/2025931>) \n**Author:** George Nosenko (ERPScan) \n\n**Description** \nMultiple vulnerabilities have been found in SAP NetWeaver Dispatcher that could allow an authenticated remote attacker to execute arbitrary code or lead to denial of service. \n\n**Business Risk** \nThe remote command execution vulnerability can lead to remote execution of arbitrary commands in SAP NetWeaver Dispatcher without authorization.\n"}, "differentElements": ["published", "modified"]}, {"lastseen": "2017-02-25T09:02:37", "edition": 2, "bulletin": {"type": "erpscan", "published": "2014-05-30T00:00:00", "href": "https://erpscan.com/advisories/erpscan-14-012-sap-netweaver-dispatcher-multiple-vulnerabilities-rce-dos/", "objectVersion": "1.2", "bulletinFamily": "info", "id": "ERPSCAN-14-012", "cvss": {"vector": "NONE", "score": 0.0}, "hash": "70268b3794978a2ae1305196a54d335aae14d9e5ba78322d26fd7fa3dc4c491e", "lastseen": "2017-02-25T09:02:37", "viewCount": 3, "cvelist": [], "history": [], "references": [], "edition": 2, "hashmap": [{"key": "modified", "hash": "61239ec595150d52e5d5d20357c61084"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "61239ec595150d52e5d5d20357c61084"}, {"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "82a723154e213e5d48c956241267fa7e"}, {"key": "description", "hash": "cba8176073ab47a98d80ca1a3bc9e4cd"}, {"key": "href", "hash": "f27293a38de01acdcf3acc02f10312ab"}], "reporter": "ERPScan", "modified": "2014-05-30T00:00:00", "title": "SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS", "description": "**Application:** SAP NetWeaver Dispatcher \n**Versions Affected:** SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966) \n**Vendor URL:** [http://www.sap.com ](<http://www.sap.com>) \n**Bugs:** Buffer overflow [CWE-119], Integer overflow [CWE-190], Improper Input Validation [CWE-20] \n**CVSS:** AV:N/AC:H/Au:S/C:C/I:C/A:C (7.1) \n**Exploits:** PoC \n**Reported:** 30.05.2014 \n**Vendor response:** 02.06.2014 \n**Date of Public Advisory:** 21.08.2014 \n**Reference:** SAP Security Note [2025931](<https://service.sap.com/sap/support/notes/2025931>) \n**Author:** George Nosenko (ERPScan) \n\n**Description** \nMultiple vulnerabilities have been found in SAP NetWeaver Dispatcher that could allow an authenticated remote attacker to execute arbitrary code or lead to denial of service. \n\n**Business Risk** \nThe remote command execution vulnerability can lead to remote execution of arbitrary commands in SAP NetWeaver Dispatcher without authorization.\n"}, "differentElements": ["description"]}], "references": [], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "08e9de24ab150d083240557cec091d53"}, {"key": "href", "hash": "f27293a38de01acdcf3acc02f10312ab"}, {"key": "modified", "hash": "61239ec595150d52e5d5d20357c61084"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "61239ec595150d52e5d5d20357c61084"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "3947727f374f901847df03b135f014cf"}, {"key": "title", "hash": "82a723154e213e5d48c956241267fa7e"}, {"key": "type", "hash": "7aa987ad7e8c4c07b62c1208b7cdb9ec"}], "reporter": "ERPScan", "modified": "2014-05-30T00:00:00", "title": "SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS", "description": "None\n"}
{"cve": [{"lastseen": "2018-12-11T12:19:24", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.", "modified": "2018-12-10T14:29:17", "published": "2016-04-07T19:59:10", "id": "CVE-2016-3976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3976", "title": "CVE-2016-3976", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
