Lucene search
MitreCVELIST:CVE-2010-5326HistoryMay 13, 2016 - 10:00 a.m.
CVE-2010-5326
2016-05-1310:00:00
mitre
www.cve.org
6
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a โDetourโ attack.
References
service.sap.com/sap/support/notes/1445998
www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions
www.securityfocus.com/bid/48925
www.securityfocus.com/bid/90533
www.us-cert.gov/ncas/alerts/TA16-132A
www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
Related
nvd
nvd
CVE-2010-5326
2016-05-13 10:59:00
attackerkb
attackerkb
CVE-2010-5326
2016-05-13 00:00:00
nessus
nessus
SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)
2021-04-09 00:00:00
cisa_kev
cisa_kev
SAP NetWeaver Remote Code Execution Vulnerability
2021-11-03 00:00:00
prion
prion
Authentication flaw
2016-05-13 10:59:00
cve
cve
CVE-2010-5326
2016-05-13 10:59:00
thn
thn
Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation
2022-01-05 13:40:00
Watch Out! Mission Critical SAP Applications Are Under Active Attack
2021-04-06 13:43:00
threatpost
threatpost
โElephant Beetleโ Lurks for Months in Networks
2022-01-05 22:18:28
SAP Bugs Under Active Cyberattack
2021-04-06 18:47:57
rapid7blog
rapid7blog
Attackers Targeting Fortinet Devices and SAP Applications
2021-04-08 17:18:07
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00