Lucene search

MitreCVE-2015-5067

HistoryJun 24, 2015 - 2:59 p.m.

CVE-2015-5067

2015-06-2414:59:09

CWE-255

mitre

web.nvd.nist.gov

sap

netweaver

hardcoded credentials

vulnerability

cve-2015-5067

nvd

sap security notes

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.017

Percentile

88.0%

JSON

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

Affected configurations

Nvd

Node

sapnetweaverMatch-

VendorProductVersionCPE
sapnetweaver-cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver	-	cpe:2.3:a:sap:netweaver:-:::::::*

References

packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html

packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html

scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015

www.securityfocus.com/bid/75165

erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials/

erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.017

Percentile

88.0%

JSON

Related for CVE-2015-5067