CVE-2012-1292 - Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attacker

CVE-2012-1292

Summary

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

References

http://dsecrg.com/pages/vul/show.php?id=416
http://secunia.com/advisories/47861
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://www.securityfocus.com/bid/52101
https://service.sap.com/sap/support/notes/1585527

Vulnerable Configurations

cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 27-02-2012 - 05:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	52101
confirm	http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
misc	http://dsecrg.com/pages/vul/show.php?id=416 https://service.sap.com/sap/support/notes/1585527
secunia	47861

Last major update

27-02-2012 - 05:00

Published

23-02-2012 - 20:07

Last modified

27-02-2012 - 05:00