SAP Netweaver Multiple Security Vulnerabilities
BID:50680
Info
SAP Netweaver Multiple Security Vulnerabilities
| Bugtraq ID: | 50680 |
| Class: | Unknown |
| CVE: |
CVE-2011-4707 CVE-2011-5260 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2011 12:00AM |
| Updated: | Feb 14 2013 12:21PM |
| Credit: | Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG) |
| Vulnerable: |
SAP NetWeaver 7.30 SAP NetWeaver 7.10 SAP NetWeaver 7.02 SAP NetWeaver 7.01 SAP NetWeaver 7.0 SP8 SAP NetWeaver 7.0 SP15 SAP NetWeaver 7.0 |
| Not Vulnerable: | |
Discussion
SAP Netweaver Multiple Security Vulnerabilities
SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions.
SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions.
Exploit / POC
SAP Netweaver Multiple Security Vulnerabilities
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
An attacker can use readily available tools to exploit the security bypass issue.
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
An attacker can use readily available tools to exploit the security bypass issue.
Solution / Fix
SAP Netweaver Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
SAP Netweaver Multiple Security Vulnerabilities
References:
References:
- [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS (Digital Security Research Group)
- [DSECRG-11-037] SAP BW Doc - Multiple XSS (Digital Security Research Group)
- [DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (N (Digital Security Research Group)
- [DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation (Digital Security Research Group)
- [DSECRG-041] SAP NetWeaver - Authentication bypass (Verb Tampering) (Digital Security Research Group)
- [DSECRG-11-035] SAP GUI BAPI Explorer- Unauthorized execution of function (Digital Security Research Group)
- [DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability (Digital Security Research Group)
- SAP NetWeaver Homepage (SAP)