var-200904-0224
Vulnerability from variot
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. SAP AG SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer). This issue affects the following: SAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41 SAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43 Other versions may be vulnerable as well. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Other versions may also be affected.
ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-56/
SAP Note 1294913: https://service.sap.com/sap/support/notes/1294913
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
====================================================================== 2) Severity
Rating: Highly critical Impact: System compromise Where: Remote
====================================================================== 3) Vendor's Description of Software
"SAP GUI is SAP's universal client for accessing SAP functionality in SAP applications such as - SAP ERP, SAP Business Suite (SAP CRM, SAP SCM and SAP PLM), SAP Business Intelligence and so on. SAP GUI functions like a browser. It gets information from the SAP server like what, where, when and how, to display contents in its window.".
Product Link: https://www.sdn.sap.com/irj/sdn/sap-gui
====================================================================== 4) Description of Vulnerability
Secunia Research has discovered a security issue in SAP GUI, which can be exploited by malicious people to gain knowledge of sensitive information, corrupt files, or compromise a user's system.
The problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) provides the insecure method "SaveDocumentAs()", which saves an HTML document to a specified location. This can be exploited in combination with e.g.
====================================================================== 5) Solution
Update to the latest versions, which reportedly set the kill-bit for the ActiveX control.
====================================================================== 6) Time Table
28/11/2008 - Vendor notified. 28/11/2008 - Vendor response. 14/01/2009 - Vendor provides patch for testing. 16/01/2009 - Vendor informed that patch prevents exploitation. 02/03/2009 - Status update requested. 02/03/2009 - Vendor provides status update. 15/04/2009 - Public disclosure.
====================================================================== 7) Credits
Discovered by Carsten Eiram, Secunia Research.
====================================================================== 8) References
SAP Note 1294913: https://service.sap.com/sap/support/notes/1294913
The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-4830 for the vulnerability.
====================================================================== 9) About Secunia
Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
====================================================================== 10) Verification
Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-56/
Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/
======================================================================
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gui",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "6.40"
},
{
"model": "gui",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.10"
},
{
"model": "gui",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "6.40 patch 29 and 7.10 patch 5"
},
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.105"
},
{
"model": "ag sapgui patch level",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4029"
}
],
"sources": [
{
"db": "BID",
"id": "34524"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:gui",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram",
"sources": [
{
"db": "BID",
"id": "34524"
},
{
"db": "PACKETSTORM",
"id": "76690"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
}
],
"trust": 1.0
},
"cve": "CVE-2008-4830",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-4830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-4830",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-4830",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-336",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. SAP AG SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer). \nThis issue affects the following:\nSAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41\nSAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43\nOther versions may be vulnerable as well. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. Other versions may also be affected. \n\nORIGINAL ADVISORY:\nSecunia Research:\nhttp://secunia.com/secunia_research/2008-56/\n\nSAP Note 1294913:\nhttps://service.sap.com/sap/support/notes/1294913\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System compromise\nWhere: Remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"SAP GUI is SAP\u0027s universal client for accessing SAP functionality in\nSAP applications such as - SAP ERP, SAP Business Suite (SAP CRM, SAP\nSCM and SAP PLM), SAP Business Intelligence and so on. SAP GUI\nfunctions like a browser. It gets information from the SAP server like\nwhat, where, when and how, to display contents in its window.\". \n\nProduct Link:\nhttps://www.sdn.sap.com/irj/sdn/sap-gui\n\n====================================================================== \n4) Description of Vulnerability\n\nSecunia Research has discovered a security issue in SAP GUI, which can\nbe exploited by malicious people to gain knowledge of sensitive \ninformation, corrupt files, or compromise a user\u0027s system. \n\nThe problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) \nprovides the insecure method \"SaveDocumentAs()\", which saves an HTML \ndocument to a specified location. This can be exploited in combination\nwith e.g. \n\n====================================================================== \n5) Solution \n\nUpdate to the latest versions, which reportedly set the kill-bit for \nthe ActiveX control. \n\n====================================================================== \n6) Time Table \n\n28/11/2008 - Vendor notified. \n28/11/2008 - Vendor response. \n14/01/2009 - Vendor provides patch for testing. \n16/01/2009 - Vendor informed that patch prevents exploitation. \n02/03/2009 - Status update requested. \n02/03/2009 - Vendor provides status update. \n15/04/2009 - Public disclosure. \n\n====================================================================== \n7) Credits \n\nDiscovered by Carsten Eiram, Secunia Research. \n\n====================================================================== \n8) References\n\nSAP Note 1294913:\nhttps://service.sap.com/sap/support/notes/1294913\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nCVE-2008-4830 for the vulnerability. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2008-56/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4830"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "BID",
"id": "34524"
},
{
"db": "PACKETSTORM",
"id": "76718"
},
{
"db": "PACKETSTORM",
"id": "76690"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4830",
"trust": 2.8
},
{
"db": "BID",
"id": "34524",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "32869",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022062",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1043",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090415 SECUNIA RESEARCH: SAP GUI KWEDIT ACTIVEX CONTROL \"SAVEDOCUMENTAS()\" INSECURE METHOD",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "76718",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76690",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34524"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "PACKETSTORM",
"id": "76718"
},
{
"db": "PACKETSTORM",
"id": "76690"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"id": "VAR-200904-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.212367725
},
"last_update_date": "2024-11-23T22:50:02.037000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP GUI",
"trust": 0.8,
"url": "http://help.sap.com/saphelp_smehp1/helpdata/ja/4f/472e42e1ef5633e10000000a155106/content.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://secunia.com/secunia_research/2008-56/"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2009/1043"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1022062"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/34524"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/32869"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502698/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4830"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4830"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502698/100/0/threaded"
},
{
"trust": 0.5,
"url": "https://service.sap.com/sap/support/notes/1294913"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.sap.com/"
},
{
"trust": 0.3,
"url": "/archive/1/502698"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32869/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/corporate/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/mailing_lists/"
},
{
"trust": 0.1,
"url": "https://www.sdn.sap.com/irj/sdn/sap-gui"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4830"
}
],
"sources": [
{
"db": "BID",
"id": "34524"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "PACKETSTORM",
"id": "76718"
},
{
"db": "PACKETSTORM",
"id": "76690"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34524"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"db": "PACKETSTORM",
"id": "76718"
},
{
"db": "PACKETSTORM",
"id": "76690"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "BID",
"id": "34524"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"date": "2009-04-16T12:47:33",
"db": "PACKETSTORM",
"id": "76718"
},
{
"date": "2009-04-15T21:04:55",
"db": "PACKETSTORM",
"id": "76690"
},
{
"date": "2009-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"date": "2009-04-16T15:12:57.297000",
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-03T13:55:00",
"db": "BID",
"id": "34524"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005299"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-336"
},
{
"date": "2024-11-21T00:52:40.567000",
"db": "NVD",
"id": "CVE-2008-4830"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP GUI of KWEdit ActiveX Vulnerability to overwrite arbitrary files in Control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005299"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-336"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.