Описание
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions Required
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00186
Низкий
7.4 High
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.4
github
больше 3 лет назад
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
CVSS3: 7.4
fstec
около 7 лет назад
Уязвимость службы keystore программной интеграционной платформы SAP NetWeaver, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
Процентиль: 40%
0.00186
Низкий
7.4 High
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-862