cvelistv5 - CVE-2010-2347

CVE-2010-2347 (GCVE-0-2010-2347)

Vulnerability from cvelistv5

Published

2010-06-21 19:00

Modified

2024-08-07 02:32

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
cve@mitre.org	http://secunia.com/advisories/40223	Vendor Advisory
cve@mitre.org	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
cve@mitre.org	http://www.securityfocus.com/archive/1/511855/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/40916
cve@mitre.org	http://www.securitytracker.com/id?1024114
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
cve@mitre.org	https://service.sap.com/sap/support/notes/1425847
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40223	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511855/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40916
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024114
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
af854a3a-2127-422b-91ae-364da2661108	https://service.sap.com/sap/support/notes/1425847

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
          },
          {
            "name": "sap-j2eenginecore-telnet-weak-security(59502)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
          },
          {
            "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://service.sap.com/sap/support/notes/1425847"
          },
          {
            "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
          },
          {
            "name": "40223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40223"
          },
          {
            "name": "40916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40916"
          },
          {
            "name": "1024114",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024114"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
        },
        {
          "name": "sap-j2eenginecore-telnet-weak-security(59502)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
        },
        {
          "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://service.sap.com/sap/support/notes/1425847"
        },
        {
          "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
        },
        {
          "name": "40223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40223"
        },
        {
          "name": "40916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40916"
        },
        {
          "name": "1024114",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024114"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005",
              "refsource": "MISC",
              "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
            },
            {
              "name": "sap-j2eenginecore-telnet-weak-security(59502)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
            },
            {
              "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
            },
            {
              "name": "https://service.sap.com/sap/support/notes/1425847",
              "refsource": "MISC",
              "url": "https://service.sap.com/sap/support/notes/1425847"
            },
            {
              "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
            },
            {
              "name": "40223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40223"
            },
            {
              "name": "40916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40916"
            },
            {
              "name": "1024114",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024114"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2347",
    "datePublished": "2010-06-21T19:00:00",
    "dateReserved": "2010-06-21T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2347\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-06-21T19:30:01.990\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El interfaz Telnet en el SAP J2EE Engine Core (SAP-JEECOR) v6.40 hasta v7.02, y Server Core (SERVERCORE) v7.10 hasta la v7.30 permite a usuarios remotos autenticados evitar una comprobaci\u00f3n de seguridad y realizar ataques de retransmisi\u00f3n de SMB a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:j2ee_engine_core:6.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF47C84E-A928-471E-8866-9EFE8503C7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:j2ee_engine_core:7.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BAA9A27-40F8-4A2D-9988-4B25FC0E47C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:j2ee_engine_core:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"586AF9AC-84C8-4C50-8053-2DB8525620AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:j2ee_engine_core:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6911CBA7-2677-42E6-BC92-0389B0CEA104\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:server_core:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7CE3526-F61B-4DA3-B1C0-7523CF3A82DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:server_core:7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D1FCCA5-1C57-44A5-8DCE-3EC1DACC86DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:server_core:7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7EE990-5E12-480A-8721-AF926883819A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:server_core:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2054E9-824C-4377-B845-CEA20965BB81\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40223\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/511855/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/40916\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024114\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59502\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://service.sap.com/sap/support/notes/1425847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/511855/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/40916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59502\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://service.sap.com/sap/support/notes/1425847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2010-2347

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-2347

Aliases

CVE-2010-2347

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2347",
    "description": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.",
    "id": "GSD-2010-2347"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2347"
      ],
      "details": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.",
      "id": "GSD-2010-2347",
      "modified": "2023-12-13T01:21:31.055895Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2347",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005",
            "refsource": "MISC",
            "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
          },
          {
            "name": "sap-j2eenginecore-telnet-weak-security(59502)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
          },
          {
            "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
          },
          {
            "name": "https://service.sap.com/sap/support/notes/1425847",
            "refsource": "MISC",
            "url": "https://service.sap.com/sap/support/notes/1425847"
          },
          {
            "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
          },
          {
            "name": "40223",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40223"
          },
          {
            "name": "40916",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/40916"
          },
          {
            "name": "1024114",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024114"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:j2ee_engine_core:7.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:j2ee_engine_core:6.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:j2ee_engine_core:7.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:j2ee_engine_core:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:server_core:7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:server_core:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:server_core:7.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:server_core:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2347"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024114",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024114"
            },
            {
              "name": "https://service.sap.com/sap/support/notes/1425847",
              "refsource": "MISC",
              "tags": [],
              "url": "https://service.sap.com/sap/support/notes/1425847"
            },
            {
              "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
            },
            {
              "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
            },
            {
              "name": "40223",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40223"
            },
            {
              "name": "40916",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/40916"
            },
            {
              "name": "sap-j2eenginecore-telnet-weak-security(59502)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
            },
            {
              "name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:59Z",
      "publishedDate": "2010-06-21T19:30Z"
    }
  }
}

ghsa-545x-w5vx-gr54

Vulnerability from github

Published

2022-05-14 02:44

Modified

2022-05-14 02:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2347"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-06-21T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.",
  "id": "GHSA-545x-w5vx-gr54",
  "modified": "2022-05-14T02:44:27Z",
  "published": "2022-05-14T02:44:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2347"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
    },
    {
      "type": "WEB",
      "url": "https://service.sap.com/sap/support/notes/1425847"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40223"
    },
    {
      "type": "WEB",
      "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40916"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-281

Vulnerability from certfr_avis

Deux vulnérabilités dans le traitement d'images par LibTIFF sont exploitables par un utilisateur malveillant pour exécuter du code arbitraire.

Description

Un débordement de mémoire peut survenir lors du traitement du champ SubjectDistance dans une image au format TIFF. Cette vulnérabilité est exploitable par un utilisateur malveillant pour exécuter du code arbitraire au moyen d'une image TIFF spécialement conçue (CVE-2010-2067).

La correction de la vulnérabilité référencée CVE-2010-2347, permettant de l'exécution de code arbitraire, était incomplète.

Solution

La version 3.9.4 de la bibliothèque LibTIFF remédie à ce problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

LibTIFF version 3.9.3 et versions antérieures.

Les applications utilisant cette bibliothèque peuvent être vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

var-201006-0349

Vulnerability from variot

The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. The SAP J2EE engine is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information. Information obtained may aim in further attacks and facilitate access to other services. The issue affects the following: SAP-JEECOR 6.40 SAP-JEECOR 7.00 SAP-JEECOR 7.01 SAP-JEECOR 7.02 SERVERCORE 7.10 SERVERCORE 7.11 SERVERCORE 7.20 SERVERCORE 7.30. ----------------------------------------------------------------------

Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management

Free webinars

http://secunia.com/vulnerability_scanning/corporate/webinars/

TITLE: SAP J2EE Telnet Interface Credentials Reflection Vulnerability

SECUNIA ADVISORY ID: SA40223

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40223/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40223

RELEASE DATE: 2010-06-26

DISCUSS ADVISORY: http://secunia.com/advisories/40223/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40223/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40223

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported a vulnerability in the SAP J2EE engine, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error in the J2EE telnet interface and can be exploited to replay authentication credentials when authenticating to other services (e.g. SMB).

The vulnerability is reported in the following versions: * SAP-JEECOR 6.40 * SAP-JEECOR 7.00 * SAP-JEECOR 7.01 * SAP-JEECOR 7.02 * SERVERCORE 7.10 * SERVERCORE 7.11 * SERVERCORE 7.20 * SERVERCORE 7.30

SOLUTION: Patches are available via SAP note 1425847.

Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce, Onapsis

ORIGINAL ADVISORY: Onapsis: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html

SAP (note 1425847): http://service.sap.com/sap/support/notes/1425847

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0349",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.00"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "6.40"
      },
      {
        "model": "server core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "server core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.20"
      },
      {
        "model": "server core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "server core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "6.40 to  7.02"
      },
      {
        "model": "server core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.10 to  7.30"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.20"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "j2ee engine core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "40916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:sap:j2ee_engine_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sap:server_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mariano Nu\u00f1ez Di Croce",
    "sources": [
      {
        "db": "BID",
        "id": "40916"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-2347",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2010-2347",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-2347",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-2347",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201006-344",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. The SAP J2EE engine is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain sensitive information. Information obtained may aim in further attacks and facilitate access to other services. \nThe issue affects the following:\nSAP-JEECOR 6.40\nSAP-JEECOR 7.00\nSAP-JEECOR 7.01\nSAP-JEECOR 7.02\nSERVERCORE 7.10\nSERVERCORE 7.11\nSERVERCORE 7.20\nSERVERCORE 7.30. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSAP J2EE Telnet Interface Credentials Reflection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40223\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40223/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40223\n\nRELEASE DATE:\n2010-06-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40223/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40223/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40223\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMariano Nu\\xf1ez Di Croce has reported a vulnerability in the SAP J2EE\nengine, which can be exploited by malicious people to bypass certain\nsecurity restrictions and potentially compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to an unspecified error in the J2EE\ntelnet interface and can be exploited to replay authentication\ncredentials when authenticating to other services (e.g. SMB). \n\nThe vulnerability is reported in the following versions:\n* SAP-JEECOR 6.40\n* SAP-JEECOR 7.00\n* SAP-JEECOR 7.01\n* SAP-JEECOR 7.02\n* SERVERCORE 7.10\n* SERVERCORE 7.11\n* SERVERCORE 7.20\n* SERVERCORE 7.30\n\nSOLUTION:\nPatches are available via SAP note 1425847. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nMariano Nu\\xf1ez Di Croce, Onapsis\n\nORIGINAL ADVISORY:\nOnapsis:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html\n\nSAP (note 1425847):\nhttp://service.sap.com/sap/support/notes/1425847\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "BID",
        "id": "40916"
      },
      {
        "db": "PACKETSTORM",
        "id": "91086"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2347",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "40916",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "40223",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1024114",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "2",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "59502",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20100616 [ONAPSIS SECURITY ADVISORY 2010-005] SAP J2EE TELNET ADMINISTRATION SECURITY CHECK BYPASS",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20100616 [ONAPSIS SECURITY ADVISORY 2010-005] SAP J2EE TELNET ADMINISTRATION SECURITY CHECK BYPASS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "91086",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "40916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "PACKETSTORM",
        "id": "91086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "id": "VAR-201006-0349",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2777778
  },
  "last_update_date": "2024-11-23T21:06:25.455000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.sap.com/index.epx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://service.sap.com/sap/support/notes/1425847"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1024114"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/40916"
      },
      {
        "trust": 1.6,
        "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/40223"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2347"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2347"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/59502"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/511855/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005 "
      },
      {
        "trust": 0.3,
        "url": "https://service.sap.com/sap/support/notes/1425847 "
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40223/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/webinars/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40223/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40223"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "40916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "PACKETSTORM",
        "id": "91086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "40916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "db": "PACKETSTORM",
        "id": "91086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-16T00:00:00",
        "db": "BID",
        "id": "40916"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "date": "2010-06-28T07:29:48",
        "db": "PACKETSTORM",
        "id": "91086"
      },
      {
        "date": "2010-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "date": "2010-06-21T19:30:01.990000",
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T21:02:00",
        "db": "BID",
        "id": "40916"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      },
      {
        "date": "2010-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      },
      {
        "date": "2024-11-21T01:16:28.080000",
        "db": "NVD",
        "id": "CVE-2010-2347"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP-JEECOR of  Telnet Vulnerabilities that bypass security checks in interfaces",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005549"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-344"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2010-2347

Vulnerability from fkie_nvd

Published

2010-06-21 19:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
cve@mitre.org	http://secunia.com/advisories/40223	Vendor Advisory
cve@mitre.org	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
cve@mitre.org	http://www.securityfocus.com/archive/1/511855/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/40916
cve@mitre.org	http://www.securitytracker.com/id?1024114
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
cve@mitre.org	https://service.sap.com/sap/support/notes/1425847
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40223	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511855/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40916
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024114
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
af854a3a-2127-422b-91ae-364da2661108	https://service.sap.com/sap/support/notes/1425847

Impacted products

Vendor	Product	Version
sap	j2ee_engine_core	6.40
sap	j2ee_engine_core	7.00
sap	j2ee_engine_core	7.01
sap	j2ee_engine_core	7.02
sap	server_core	7.10
sap	server_core	7.11
sap	server_core	7.20
sap	server_core	7.30

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:j2ee_engine_core:6.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF47C84E-A928-471E-8866-9EFE8503C7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BAA9A27-40F8-4A2D-9988-4B25FC0E47C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "586AF9AC-84C8-4C50-8053-2DB8525620AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "6911CBA7-2677-42E6-BC92-0389B0CEA104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:server_core:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CE3526-F61B-4DA3-B1C0-7523CF3A82DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:server_core:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D1FCCA5-1C57-44A5-8DCE-3EC1DACC86DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:server_core:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7EE990-5E12-480A-8721-AF926883819A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:server_core:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2054E9-824C-4377-B845-CEA20965BB81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El interfaz Telnet en el SAP J2EE Engine Core (SAP-JEECOR) v6.40 hasta v7.02, y Server Core (SERVERCORE) v7.10 hasta la v7.30 permite a usuarios remotos autenticados evitar una comprobaci\u00f3n de seguridad y realizar ataques de retransmisi\u00f3n de SMB a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2010-2347",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-21T19:30:01.990",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/40916"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024114"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://service.sap.com/sap/support/notes/1425847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://service.sap.com/sap/support/notes/1425847"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-2347 (GCVE-0-2010-2347)

Vulnerability from cvelistv5

gsd-2010-2347

Vulnerability from gsd

ghsa-545x-w5vx-gr54

Vulnerability from github

CERTA-2010-AVI-281

Vulnerability from certfr_avis

Description

Solution

var-201006-0349

Vulnerability from variot

fkie_cve-2010-2347

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature