cnvd-2023-100012
Vulnerability from cnvd

Title: SAP NetWeaver ABAP Server操作系统命令注入漏洞

Description:

SAP NetWeaver ABAP Server是德国思爱普(SAP)公司的一个用作SAP产品的Web应用程序服务器。

SAP NetWeaver ABAP Server存在操作系统命令注入漏洞,该漏洞源于应用未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞将任意操作系统命令注入到通用扩展中不受保护的参数中。

Severity:

Patch Name: SAP NetWeaver ABAP Server操作系统命令注入漏洞的补丁

Patch Description:

SAP NetWeaver ABAP Server是德国思爱普(SAP)公司的一个用作SAP产品的Web应用程序服务器。

SAP NetWeaver ABAP Server存在操作系统命令注入漏洞,该漏洞源于应用未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞将任意操作系统命令注入到通用扩展中不受保护的参数中。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Reference: https://me.sap.com/notes/3350297

Impacted products
Name
['SAP SAP NetWeaver ABAP Server 600', 'SAP SAP NetWeaver ABAP Server 602', 'SAP SAP NetWeaver ABAP Server 603', 'SAP SAP NetWeaver ABAP Server 604', 'SAP SAP NetWeaver ABAP Server 605', 'SAP SAP NetWeaver ABAP Server 606', 'SAP SAP NetWeaver ABAP Server 617', 'SAP SAP NetWeaver ABAP Server 618', 'SAP SAP NetWeaver ABAP Server 800', 'SAP SAP NetWeaver ABAP Server 802', 'SAP SAP NetWeaver ABAP Server 803', 'SAP SAP NetWeaver ABAP Server 804', 'SAP SAP NetWeaver ABAP Server 805', 'SAP SAP NetWeaver ABAP Server 806', 'SAP SAP NetWeaver ABAP Server 807']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-36922",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-36922"
    }
  },
  "description": "SAP NetWeaver ABAP Server\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4f5cSAP\u4ea7\u54c1\u7684Web\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002\n\nSAP NetWeaver ABAP Server\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u5230\u901a\u7528\u6269\u5c55\u4e2d\u4e0d\u53d7\u4fdd\u62a4\u7684\u53c2\u6570\u4e2d\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-100012",
  "openTime": "2023-12-29",
  "patchDescription": "SAP NetWeaver ABAP Server\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4f5cSAP\u4ea7\u54c1\u7684Web\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002\r\n\r\nSAP NetWeaver ABAP Server\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u5230\u901a\u7528\u6269\u5c55\u4e2d\u4e0d\u53d7\u4fdd\u62a4\u7684\u53c2\u6570\u4e2d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP NetWeaver ABAP Server\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP NetWeaver ABAP Server 600",
      "SAP SAP NetWeaver ABAP Server 602",
      "SAP SAP NetWeaver ABAP Server 603",
      "SAP SAP NetWeaver ABAP Server 604",
      "SAP SAP NetWeaver ABAP Server 605",
      "SAP SAP NetWeaver ABAP Server 606",
      "SAP SAP NetWeaver ABAP Server 617",
      "SAP SAP NetWeaver ABAP Server 618",
      "SAP SAP NetWeaver ABAP Server 800",
      "SAP SAP NetWeaver ABAP Server 802",
      "SAP SAP NetWeaver ABAP Server 803",
      "SAP SAP NetWeaver ABAP Server 804",
      "SAP SAP NetWeaver ABAP Server 805",
      "SAP SAP NetWeaver ABAP Server 806",
      "SAP SAP NetWeaver ABAP Server 807"
    ]
  },
  "referenceLink": "https://me.sap.com/notes/3350297",
  "serverity": "\u9ad8",
  "submitTime": "2023-07-14",
  "title": "SAP NetWeaver ABAP Server\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.