Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2010-5326
HistoryNov 03, 2021 - 12:00 a.m.

SAP NetWeaver Remote Code Execution Vulnerability

2021-11-0300:00:00
CISA
www.cisa.gov
4
sap netweaver
remote code execution
vulnerability
application server
java platforms
invoker servlet
authentication
http
https

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.212

Percentile

96.5%

JSON

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.

Related

cvelist 1
nvd 1
nessus 1
prion 1
attackerkb 1
cve 1
thn 2
threatpost 2
rapid7blog 1
qualysblog 1
cvelist
cvelist
CVE-2010-5326
2016-05-13 10:00:00
nvd
nvd
CVE-2010-5326
2016-05-13 10:59:00
nessus
nessus
SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)
2021-04-09 00:00:00
prion
prion
Authentication flaw
2016-05-13 10:59:00
attackerkb
attackerkb
CVE-2010-5326
2016-05-13 00:00:00
cve
cve
CVE-2010-5326
2016-05-13 10:59:00
thn
thn
Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation
2022-01-05 13:40:00
Watch Out! Mission Critical SAP Applications Are Under Active Attack
2021-04-06 13:43:00
threatpost
threatpost
β€˜Elephant Beetle’ Lurks for Months in Networks
2022-01-05 22:18:28
SAP Bugs Under Active Cyberattack
2021-04-06 18:47:57
rapid7blog
rapid7blog
Attackers Targeting Fortinet Devices and SAP Applications
2021-04-08 17:18:07
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.212

Percentile

96.5%

JSON
Related for CISA-KEV-CVE-2010-5326
cvelist1nvd1nessus1prion1attackerkb1cve1thn2threatpost2rapid7blog1qualysblog1