CVE-2012-1291

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://dsecrg.com/pages/vul/show.php?id=415
http://secunia.com/advisories/47861	Vendor Advisory
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://www.securityfocus.com/bid/52101
https://service.sap.com/sap/support/notes/1585527

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-02-23 20:07

Updated : 2012-02-24 05:00

NVD link : CVE-2012-1291

Mitre link : CVE-2012-1291

CVE.ORG link : CVE-2012-1291

JSON object : View

Products Affected

sap

netweaver

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-1291", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-23T20:07:25.957", "references": [{"url": "http://dsecrg.com/pages/vul/show.php?id=415", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47861", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/52101", "source": "cve@mitre.org"}, {"url": "https://service.sap.com/sap/support/notes/1585527", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el servlet com.sap.aii.mdt.amt.web.AMTPageProcessor en SAP NetWeaver v7.0 permite a atacantes remotos obtener informaci\u00f3n sensible sobre el \"Adapter Monitor\" a trav\u00e9s de vectores no especificados. Posiblemente la vulnerabilidad esta relacionada con la propiedad EnableInvokerServletGlobally en el servicio servlet_jsp."}], "lastModified": "2012-02-24T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41FAC5DD-D577-47F9-B0CA-006032256642"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}