Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv3

CVE-2010-5326

Published: 13/05/2016 Updated: 20/04/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Sap

Vulnerability Summary

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver application server java

Recent Articles

SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers
The Register • Thomas Claburn in San Francisco • 06 Apr 2021

So please don't delay in applying updates, says, well, everyone Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates

SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of p...

Read more...

References

NVD-CWE-noinfohttps://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applicationshttp://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutionshttp://www.us-cert.gov/ncas/alerts/TA16-132Ahttp://www.securityfocus.com/bid/48925http://service.sap.com/sap/support/notes/1445998http://www.securityfocus.com/bid/90533https://nvd.nist.govhttps://www.theregister.co.uk/2021/04/06/sap_patch_attacks/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook