Test ID: | 1.3.6.1.4.1.25623.1.0.106082 |
Category: | Web application abuses |
Title: | SAP NetWeaver Multiple Vulnerabilities (1585527, 1583300, 1585527) |
Summary: | SAP NetWeaver is prone to multiple vulnerabilities. This VT has been deprecated because it is covering a currently unsupported product. It is therefore no longer functional. |
Description: |
Summary: SAP NetWeaver is prone to multiple vulnerabilities. This VT has been deprecated because it is covering a currently unsupported product. It is therefore no longer functional.

Vulnerability Insight: SAP NetWeaver contains multiple vulnerabilities:
- CVE-2012-1289: Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to b2b/admin/log.jsp, b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or ipc/admin/log.jsp or ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
- CVE-2012-1290: Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
- CVE-2012-1291: Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
- CVE-2012-1292: Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

Vulnerability Impact: A remote attacker may obtain sensitive information or read arbitrary files.

Affected Software/OS: SAP NetWeaver version 7.0.

Solution: See the referenced vendor advisories for a solution.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1289
- BugTraq ID: 52101
- http://www.securityfocus.com/bid/52101
- http://dsecrg.com/pages/vul/show.php?id=412
- http://dsecrg.com/pages/vul/show.php?id=413
- https://service.sap.com/sap/support/notes/1585527
- http://secunia.com/advisories/47861
- XForce ISS Database: netweaver-logview-directory-traversal(73346)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73346

Common Vulnerability Exposure (CVE) ID: CVE-2012-1290
- http://dsecrg.com/pages/vul/show.php?id=414
- https://service.sap.com/sap/support/notes/1583300

Common Vulnerability Exposure (CVE) ID: CVE-2012-1291
- http://dsecrg.com/pages/vul/show.php?id=415

Common Vulnerability Exposure (CVE) ID: CVE-2012-1292
- http://dsecrg.com/pages/vul/show.php?id=416 |
Copyright | Copyright (C) 2016 Greenbone AG |