SAP NetWeaver AS JAVA (P2P Cluster Communication), versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows arbitrary connections from processes that are outside the cluster, and even outside the network segment dedicated to internal cluster communication, because of a missing authentication check. As a result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators, including access to system administration functions or shutting down the system completely.

Vulnerable Product |
---|
sap netweaver application server java 7.11 |
sap netweaver application server java 7.20 |
sap netweaver application server java 7.30 |
sap netweaver application server java 7.31 |
sap netweaver application server java 7.40 |
sap netweaver application server java 7.50 |

Light load from Redmond as everyone else seeks to bury bad news, sorry, align in update cadence
Patch Tuesday For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. On the one hand, vendors glommed to Microsoft's Patch Tuesday on the pretense that users and system administrators could plan their patching around a regular, monthly cadence. On the other hand, it lets developers emit all their bad news at once and ideally avoid headlines specif...