Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в SAP NetWeather
Опубликовано:29 июня 2015 г.
Источник:
SecurityVulns ID:14556
Тип:удаленная
Уровень опасности:
7/10
Описание:Раскрытие информации, инъекции XXE, выполнение кода, DoS.
Затронутые продукты:SAP : NetWeaver 7.31
CVE:CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.)
 CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.)
 CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.)
 CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.)
Оригинальный текстdocumentDarya Maenkova, [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure (29.06.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород