PT-2016-5786 · Sap · Sap Netweaver As Java

Vahagn Vardanyan

Publicado

2016-04-07

Atualizado

2021-04-20

CVE-2016-3974

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Java AS versions 7.1 through 7.5

Description The issue allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to the "http:// tc~~monitoring~~webservice~web/ServerNodesWSService" API endpoint.

Recommendations For SAP NetWeaver Java AS versions 7.1 through 7.5, apply the fix provided in SAP Security Note 2235994 to resolve the issue.

Exploit

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2016-3974

Produtos afetados

Sap Netweaver As Java

PT-2016-5786 · Sap · Sap Netweaver As Java

CVE-2016-3974

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7