Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for netweaver_internet_transaction_server by sap

    CVE-2017-16682 (GCVE-0-2017-16682)

    Vulnerability from nvd – Published: 2017-12-12 14:00 – Updated: 2024-09-16 22:39
    VLAI
    Summary
    SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP NetWeaver Internet Transaction Server (ITS) Affected: from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52
    Create a notification for this product.
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:35:19.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102143"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2526781"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Internet Transaction Server (ITS)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-13T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "102143",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102143"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2526781"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-16682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102143",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102143"
                },
                {
                  "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2526781",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2526781"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2017-16682",
        "datePublished": "2017-12-12T14:00:00.000Z",
        "dateReserved": "2017-11-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:53.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16682 (GCVE-0-2017-16682)

    Vulnerability from cvelistv5 – Published: 2017-12-12 14:00 – Updated: 2024-09-16 22:39
    VLAI
    Summary
    SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP NetWeaver Internet Transaction Server (ITS) Affected: from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52
    Create a notification for this product.
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:35:19.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102143"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2526781"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Internet Transaction Server (ITS)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-13T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "102143",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102143"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2526781"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-16682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102143",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102143"
                },
                {
                  "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2526781",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2526781"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2017-16682",
        "datePublished": "2017-12-12T14:00:00.000Z",
        "dateReserved": "2017-11-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:53.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }