CVE-2010-2347

The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
http://secunia.com/advisories/40223	Vendor Advisory
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
http://www.securityfocus.com/archive/1/511855/100/0/threaded
http://www.securityfocus.com/bid/40916
http://www.securitytracker.com/id?1024114
https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
https://service.sap.com/sap/support/notes/1425847
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
http://secunia.com/advisories/40223	Vendor Advisory
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
http://www.securityfocus.com/archive/1/511855/100/0/threaded
http://www.securityfocus.com/bid/40916
http://www.securitytracker.com/id?1024114
https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
https://service.sap.com/sap/support/notes/1425847

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:j2ee_engine_core:6.40:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.00:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.01:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.02:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:sap:server_core:7.10:::::::*
	cpe:2.3:a:sap:server_core:7.11:::::::*
	cpe:2.3:a:sap:server_core:7.20:::::::*
	cpe:2.3:a:sap:server_core:7.30:::::::*

History

21 Nov 2024, 01:16

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html -~~	() http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html -
References	~~() http://secunia.com/advisories/40223 - Vendor Advisory~~	() http://secunia.com/advisories/40223 - Vendor Advisory
References	~~() http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005 -~~	() http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005 -
References	~~() http://www.securityfocus.com/archive/1/511855/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/511855/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/40916 -~~	() http://www.securityfocus.com/bid/40916 -
References	~~() http://www.securitytracker.com/id?1024114 -~~	() http://www.securitytracker.com/id?1024114 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/59502 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/59502 -
References	~~() https://service.sap.com/sap/support/notes/1425847 -~~	() https://service.sap.com/sap/support/notes/1425847 -

Information

Published : 2010-06-21 19:30

Updated : 2024-11-21 01:16

NVD link : CVE-2010-2347

Mitre link : CVE-2010-2347

CVE.ORG link : CVE-2010-2347

JSON object : View

Products Affected

sap

server_core
j2ee_engine_core

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.9 /10