SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
BID:58095
Info
SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
| Bugtraq ID: | 58095 |
| Class: | Unknown |
| CVE: |
CVE-2013-6823 CVE-2013-6822 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2013 12:00AM |
| Updated: | Nov 25 2013 01:04AM |
| Credit: | Dmitry Chastukhin of ERPScan |
| Vulnerable: |
SAP NetWeaver 7.30 SAP NetWeaver 7.10 SAP NetWeaver 7.02 SAP NetWeaver 7.01 SAP NetWeaver 7.0 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
SAP NetWeaver is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Successful exploits may allow an attacker to obtain sensitive information or bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
SAP NetWeaver is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Successful exploits may allow an attacker to obtain sensitive information or bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
Exploit / POC
SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
An attacker can use readily available tools to exploit these issues.
An attacker can use readily available tools to exploit these issues.
Solution / Fix
SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities
References:
References:
- SAP NetWeaver Homepage (SAP)