var-201112-0297
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service contains an error in some of its verification checks, which can be used to access user management and OS command execution functions. Input passed to the BAPI Explorer through some transactions lacks filtering prior to use and can be exploited to inject arbitrary HTML and script code, which is executed in the target user's browser when the malicious data is viewed. When transaction "sa38" is used, an error in RSTXSCRP can be exploited to inject an arbitrary UNC path through the "File Name" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. An error in TH_GREP when processing some SOAP requests can be exploited to inject arbitrary shell commands via the "<STRING>" parameter. Note: this description aggregates text from several source entries (NVD, JVNDB, CNVD, BID, IVD). The record's CVE (CVE-2011-4707) and CWE-79 classification correspond to the first sentence; the other issues described here appear to come from the aggregated CNVD/BID entries and should be assessed separately.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0297", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netweaver", "scope": "eq", "trust": 5.9, "vendor": "sap", "version": "7.0" }, { "model": "netweaver sp15", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.0" }, { "model": "netweaver sp8", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.0" }, { "model": 
"netweaver", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.10" }, { "model": "netweaver", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.30" }, { "model": "netweaver", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.02" }, { "model": "netweaver", "scope": "eq", "trust": 4.5, "vendor": "sap", "version": "7.01" }, { "model": "netweaver sp15", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.0*" }, { "model": "netweaver sp8", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.0*" }, { "model": "netweaver", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.10*" }, { "model": "netweaver", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.30*" }, { "model": "netweaver", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.02*" }, { "model": "netweaver", "scope": "eq", "trust": 1.4, "vendor": "sap", "version": "7.01*" }, { "model": "netweaver", "scope": null, "trust": 1.4, "vendor": "sap", "version": null }, { "model": "netweaver", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "*" } ], "sources": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" }, { "db": "BID", "id": "50680" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNNVD", "id": "CNNVD-201112-122" }, { "db": "NVD", "id": "CVE-2011-4707" 
} ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:sap:netweaver", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003325" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)", "sources": [ { "db": "BID", "id": "50680" } ], "trust": 0.3 }, "cve": "CVE-2011-4707", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2011-4707", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "3a022216-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "40204c22-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4707", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-4707", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201112-122", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-4707", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": 
"3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2011-4707" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNNVD", "id": "CNNVD-201112-122" }, { "db": "NVD", "id": "CVE-2011-4707" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user\u0027s browser when viewed maliciously. When using transaction \\\"sa38\\\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \\\"File Name\\\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \\\"\u003cSTRING\u003e\\\" parameter. 
The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions", "sources": [ { "db": "NVD", "id": "CVE-2011-4707" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4911" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "BID", "id": "50680" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2011-4707" } ], "trust": 7.02 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "50680", "trust": 4.6 }, { "db": "NVD", 
"id": "CVE-2011-4707", "trust": 4.2 }, { "db": "CNNVD", "id": "CNNVD-201112-122", "trust": 2.0 }, { "db": "CNVD", "id": "CNVD-2011-4916", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4915", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4914", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4917", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4913", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4912", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-4911", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-003325", "trust": 0.8 }, { "db": "BUGTRAQ", "id": "20111117 [DSECRG-11-036] SAP NETWAVER VIRUS SCAN INTERFACE - MULTIPLE XSS", "trust": 0.6 }, { "db": "IVD", "id": "3B9467EC-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "3D199B1E-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "3E98D306-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "3A022216-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "40204C22-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "4119FC7C-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "4247BD6E-1F7F-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-4707", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": 
"CNVD-2011-4911" }, { "db": "VULMON", "id": "CVE-2011-4707" }, { "db": "BID", "id": "50680" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNNVD", "id": "CNNVD-201112-122" }, { "db": "NVD", "id": "CVE-2011-4707" } ] }, "id": "VAR-201112-0297", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" } ], "trust": 6.093194613333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 5.6 } ], "sources": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": 
"CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" } ] }, "last_update_date": "2024-11-29T22:57:57.328000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Acknowledgments to Security Researchers - 1546307", "trust": 0.8, "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a" }, { "title": "Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5913" }, { "title": "Patch for SAP NetWeaver Feature Access Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5922" }, { "title": "Patch for SAP NetWeaver Command Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5912" }, { "title": "Patch for SAP NetWeaver Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5909" }, { "title": "Patch for SAP NetWeaver Path Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5911" }, { "title": "Patch for SAP NetWeaver \u0027page\u0027 parameter cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5910" }, { "title": "SAP Netweaver Script Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/5908" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": 
"CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "NVD", "id": "CVE-2011-4707" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://dsecrg.com/pages/vul/show.php?id=336" }, { "trust": 1.7, "url": "https://service.sap.com/sap/support/notes/1546307" }, { "trust": 1.7, "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded" }, { "trust": 1.1, "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/" }, { "trust": 0.9, "url": "http://dsecrg.com/pages/vul/show.php?id=341" }, { "trust": 0.9, "url": "http://dsecrg.com/pages/vul/show.php?id=335" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4707" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4707" }, { "trust": 0.6, "url": "http://dsecrg.com/pages/vul/show.php?id=340http" }, { "trust": 0.6, "url": "http://dsecrg.com/pages/vul/show.php?id=339http" }, { "trust": 0.6, "url": "http://dsecrg.com/pages/vul/show.php?id=336http" }, { "trust": 0.6, "url": "http://dsecrg.com/pages/vul/show.php?id=338http" }, { "trust": 0.6, "url": "http://dsecrg.com/pages/vul/show.php?id=337http" }, { "trust": 0.6, "url": 
"http://www.securityfocus.com/archive/1/archive/1/520554/100/0/threaded" }, { "trust": 0.6, "url": "http://erpscan.com/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/" }, { "trust": 0.3, "url": "http://dsecrg.com/pages/vul/show.php?id=337" }, { "trust": 0.3, "url": "http://dsecrg.com/pages/vul/show.php?id=339" }, { "trust": 0.3, "url": "http://dsecrg.com/pages/vul/show.php?id=340" }, { "trust": 0.3, "url": "http://dsecrg.com/pages/vul/show.php?id=338" }, { "trust": 0.3, "url": "http://www.sap.com/platform/netweaver/index.epx" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/50680" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": "CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" }, { "db": "VULMON", "id": "CVE-2011-4707" }, { "db": "BID", "id": "50680" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNNVD", "id": "CNNVD-201112-122" }, { "db": "NVD", "id": "CVE-2011-4707" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-4916" }, { "db": "CNVD", "id": "CNVD-2011-4917" }, { "db": "CNVD", "id": "CNVD-2011-4915" }, { "db": "CNVD", "id": 
"CNVD-2011-4912" }, { "db": "CNVD", "id": "CNVD-2011-4914" }, { "db": "CNVD", "id": "CNVD-2011-4913" }, { "db": "CNVD", "id": "CNVD-2011-4911" }, { "db": "VULMON", "id": "CVE-2011-4707" }, { "db": "BID", "id": "50680" }, { "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "db": "CNNVD", "id": "CNNVD-201112-122" }, { "db": "NVD", "id": "CVE-2011-4707" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4916" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4917" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4915" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4912" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4914" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4913" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4911" }, { "date": "2011-12-08T00:00:00", "db": "VULMON", "id": "CVE-2011-4707" }, { "date": "2011-11-15T00:00:00", "db": "BID", "id": "50680" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "date": "2011-12-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-122" }, { "date": 
"2011-12-08T19:55:03.720000", "db": "NVD", "id": "CVE-2011-4707" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4916" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4917" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4915" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4912" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4914" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4913" }, { "date": "2011-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2011-4911" }, { "date": "2018-12-10T00:00:00", "db": "VULMON", "id": "CVE-2011-4707" }, { "date": "2013-02-14T12:21:00", "db": "BID", "id": "50680" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003325" }, { "date": "2011-12-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-122" }, { "date": "2024-11-21T01:32:49.703000", "db": "NVD", "id": "CVE-2011-4707" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-122" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAP NetWeaver Cross-Site Request Forgery Vulnerability", "sources": [ { "db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-4916" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting", "sources": [ { 
"db": "IVD", "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "3a022216-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "40204c22-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d" } ], "trust": 1.4 } }