Test ID: | 1.3.6.1.4.1.25623.1.0.106082 |
Category: | Web application abuses |
Title: | SAP NetWeaver Multiple Vulnerabilities (1585527, 1583300, 1585527) |
Summary: | SAP NetWeaver is prone to multiple vulnerabilities. This VT has been deprecated because it is covering a currently unsupported product. It is therefore no longer functional. |
Description: |
Summary: SAP NetWeaver is prone to multiple vulnerabilities. This VT has been deprecated because it is covering a currently unsupported product. It is therefore no longer functional.

Vulnerability Insight: SAP NetWeaver contains multiple vulnerabilities:

- CVE-2012-1289: Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to b2b/admin/log.jsp or b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or ipc/admin/log.jsp or ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
- CVE-2012-1290: Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
- CVE-2012-1291: Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
- CVE-2012-1292: Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

Vulnerability Impact: A remote attacker may obtain sensitive information or read arbitrary files.

Affected Software/OS: SAP NetWeaver version 7.0.

Solution: See the referenced vendor advisories for a solution.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1289
- BugTraq ID: 52101
- http://www.securityfocus.com/bid/52101
- http://dsecrg.com/pages/vul/show.php?id=412
- http://dsecrg.com/pages/vul/show.php?id=413
- https://service.sap.com/sap/support/notes/1585527
- http://secunia.com/advisories/47861
- XForce ISS Database: netweaver-logview-directory-traversal(73346)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73346

Common Vulnerability Exposure (CVE) ID: CVE-2012-1290
- http://dsecrg.com/pages/vul/show.php?id=414
- https://service.sap.com/sap/support/notes/1583300

Common Vulnerability Exposure (CVE) ID: CVE-2012-1291
- http://dsecrg.com/pages/vul/show.php?id=415

Common Vulnerability Exposure (CVE) ID: CVE-2012-1292
- http://dsecrg.com/pages/vul/show.php?id=416 |
Copyright | Copyright (C) 2016 Greenbone AG |