CVE-2010-2347 - Vulnerability Details - OpenCVE

The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	J2ee Engine Core Server Core

Configuration 1 [-]

OR	cpe:2.3:a:sap:j2ee_engine_core:6.40:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.00:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.01:::::::*
	cpe:2.3:a:sap:j2ee_engine_core:7.02:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:sap:server_core:7.10:::::::*
	cpe:2.3:a:sap:server_core:7.11:::::::*
	cpe:2.3:a:sap:server_core:7.20:::::::*
	cpe:2.3:a:sap:server_core:7.30:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html
http://secunia.com/advisories/40223
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005
http://www.securityfocus.com/archive/1/511855/100/0/threaded
http://www.securityfocus.com/bid/40916
http://www.securitytracker.com/id?1024114
https://exchange.xforce.ibmcloud.com/vulnerabilities/59502
https://service.sap.com/sap/support/notes/1425847

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-21T19:00:00

Updated: 2024-08-07T02:32:16.432Z

Reserved: 2010-06-21T00:00:00

Link: CVE-2010-2347

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-06-21T19:30:01.990

Modified: 2024-11-21T01:16:28.080

Link: CVE-2010-2347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"}, {"name": "sap-j2eenginecore-telnet-weak-security(59502)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"}, {"tags": ["x_refsource_MISC"], "url": "https://service.sap.com/sap/support/notes/1425847"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"}, {"name": "40223", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40223"}, {"name": "40916", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40916"}, {"name": "1024114", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024114"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005", "refsource": "MISC", "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"}, {"name": "sap-j2eenginecore-telnet-weak-security(59502)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"}, {"name": "https://service.sap.com/sap/support/notes/1425847", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1425847"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"}, {"name": "40223", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40223"}, {"name": "40916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40916"}, {"name": "1024114", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024114"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:32:16.432Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"}, {"name": "sap-j2eenginecore-telnet-weak-security(59502)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://service.sap.com/sap/support/notes/1425847"}, {"name": "20100616 [Onapsis Security Advisory 2010-005] SAP J2EE Telnet Administration Security Check Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"}, {"name": "40223", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40223"}, {"name": "40916", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40916"}, {"name": "1024114", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024114"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2347", "datePublished": "2010-06-21T19:00:00", "dateReserved": "2010-06-21T00:00:00", "dateUpdated": "2024-08-07T02:32:16.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:j2ee_engine_core:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "AF47C84E-A928-471E-8866-9EFE8503C7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "0BAA9A27-40F8-4A2D-9988-4B25FC0E47C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "586AF9AC-84C8-4C50-8053-2DB8525620AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:j2ee_engine_core:7.02:*:*:*:*:*:*:*", "matchCriteriaId": "6911CBA7-2677-42E6-BC92-0389B0CEA104", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:server_core:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "C7CE3526-F61B-4DA3-B1C0-7523CF3A82DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:server_core:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "4D1FCCA5-1C57-44A5-8DCE-3EC1DACC86DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:server_core:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "FC7EE990-5E12-480A-8721-AF926883819A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:server_core:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "1A2054E9-824C-4377-B845-CEA20965BB81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors."}, {"lang": "es", "value": "El interfaz Telnet en el SAP J2EE Engine Core (SAP-JEECOR) v6.40 hasta v7.02, y Server Core (SERVERCORE) v7.10 hasta la v7.30 permite a usuarios remotos autenticados evitar una comprobaci\u00f3n de seguridad y realizar ataques de retransmisi\u00f3n de SMB a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2010-2347", "lastModified": "2024-11-21T01:16:28.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-06-21T19:30:01.990", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40223"}, {"source": "cve@mitre.org", "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40916"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024114"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"}, {"source": "cve@mitre.org", "url": "https://service.sap.com/sap/support/notes/1425847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0371.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511855/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.sap.com/sap/support/notes/1425847"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}