54 matches found
Design/Logic Flaw
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors...
CVE-2013-7364
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors...
CVE-2013-7357
Technical details about CVE-2013-7357 are not provided in the connected documents; no specifics on affected SAP J2EE Engine components, vectors, or remediation are available. Monitor for updates.
CVE-2013-7357
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors...
CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information cookies and SAPPASSPORT via unspecified vectors...
Design/Logic Flaw
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information cookies and SAPPASSPORT via unspecified vectors...
CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information cookies and SAPPASSPORT via unspecified vectors...
CVE-2013-6814
The vulnerability CVE-2013-6814 affects the J2EE Engine in SAP NetWeaver 6.40, 7.02 and earlier. It enables remote attackers to redirect users to arbitrary websites, conduct phishing, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. The exploited component is th...
[Onapsis Security Advisory 2013-002] SAP SDM Denial of Service
Onapsis Security Advisory 2013-002: SAP SDM Denial of Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...
[pdf] A crushing blow at the heart of SAP J2EE Engine
Доклад А.Полякова на конференции BlackHat USA 2011. Презентация интересна для тех, кто знает что такое SAP, и в чём принцип уязвимостей SMB Relay и Verb tampering. http://erpscan.ru/wp-content/uploads...2EEEngine.pdf З.Ы. Слушал эту презентацию в реале не на blackhat, к сожалению видео нигде не...
On 4th August SAP systems will be hacked on internet in BlackHat USA 2011
On 4th August SAP systems will be hacked on internet in BlackHat USA 2011 On the 4th of august at the world largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker...
CVE-2010-2347
The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...
CVE-2010-2347
The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...
[Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-002: SAP J2EE Engine MDB Path Traversal This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...