Computer Security
[EN] securityvulns.ru no-pyccku


SAP NetWeather multiple security vulnerabilities
Published:29.06.2015
Source:
SecurityVulns ID:14556
Type:remote
Threat Level:
7/10
Description:Information disclosure, XXE injection, code execution, DoS.
Affected:SAP : NetWeaver 7.31
CVE:CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.)
 CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.)
 CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.)
 CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.)
Original documentdocumentDarya Maenkova, [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure (29.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod