VAR-201302-0416
Vulnerability from variot - Updated: 2022-05-17 01:43

This entry describes two separate issues, both involving GRMGApp in SAP NetWeaver. First, the application does not properly restrict access to GRMGApp, allowing an attacker to send administrative commands to the gateway or message server. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Second, there is an unspecified error in GRMGApp when parsing external XML entities, allowing an attacker to read local file content.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201302-0416",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.x"
}
],
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a security vulnerability in SAP NetWeaver, and the application does not properly restrict access to GRMGApp, allowing an attacker to exploit the vulnerability to send administrative commands to the gateway or message server. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a security vulnerability in SAP NetWeaver. There is an unspecified error in GRMGApp when parsing external XML entities, allowing an attacker to exploit the vulnerability to read local file content",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
},
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "52272",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2013-01257",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-01259",
"trust": 0.8
},
{
"db": "IVD",
"id": "CF3DB9E4-1F34-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "CCC04506-1F34-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"id": "VAR-201302-0416",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
],
"trust": 1.8691792200000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"last_update_date": "2022-05-17T01:43:25.801000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP NetWeaver GRMGApp security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32164"
},
{
"title": "Patch for SAP NetWeaver GRMGApp XML File Parsing Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32165"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://secunia.com/advisories/52272/http"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-25T00:00:00",
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-25T00:00:00",
"db": "IVD",
"id": "ccc04506-1f34-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"date": "2013-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01257"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01259"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver GRMGApp Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01257"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "cf3db9e4-1f34-11e6-abef-000c29c66e3d"
}
],
"trust": 0.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.