CVE-2012-1289 - OpenCVE

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver

Configuration 1 [-]

cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://dsecrg.com/pages/vul/show.php?id=412
http://dsecrg.com/pages/vul/show.php?id=413
http://secunia.com/advisories/47861
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://www.securityfocus.com/bid/52101
https://exchange.xforce.ibmcloud.com/vulnerabilities/73346
https://service.sap.com/sap/support/notes/1585527

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-23T18:00:00

Updated: 2024-08-06T18:53:36.913Z

Reserved: 2012-02-23T00:00:00

Link: CVE-2012-1289

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-02-23T20:07:25.860

Modified: 2017-08-29T01:31:15.990

Link: CVE-2012-1289

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "52101", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52101"}, {"name": "netweaver-logview-directory-traversal(73346)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73346"}, {"tags": ["x_refsource_MISC"], "url": "https://service.sap.com/sap/support/notes/1585527"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"}, {"tags": ["x_refsource_MISC"], "url": "http://dsecrg.com/pages/vul/show.php?id=412"}, {"tags": ["x_refsource_MISC"], "url": "http://dsecrg.com/pages/vul/show.php?id=413"}, {"name": "47861", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47861"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "52101", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52101"}, {"name": "netweaver-logview-directory-traversal(73346)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73346"}, {"name": "https://service.sap.com/sap/support/notes/1585527", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1585527"}, {"name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", "refsource": "CONFIRM", "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"}, {"name": "http://dsecrg.com/pages/vul/show.php?id=412", "refsource": "MISC", "url": "http://dsecrg.com/pages/vul/show.php?id=412"}, {"name": "http://dsecrg.com/pages/vul/show.php?id=413", "refsource": "MISC", "url": "http://dsecrg.com/pages/vul/show.php?id=413"}, {"name": "47861", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47861"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:36.913Z"}, "title": "CVE Program Container", "references": [{"name": "52101", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52101"}, {"name": "netweaver-logview-directory-traversal(73346)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73346"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://service.sap.com/sap/support/notes/1585527"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dsecrg.com/pages/vul/show.php?id=412"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dsecrg.com/pages/vul/show.php?id=413"}, {"name": "47861", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47861"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1289", "datePublished": "2012-02-23T18:00:00", "dateReserved": "2012-02-23T00:00:00", "dateUpdated": "2024-08-06T18:53:36.913Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "41FAC5DD-D577-47F9-B0CA-006032256642", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en la plataforma SAP NetWeaver v7.0 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro logfilename a (1) b2b/admin/log.jsp o (2) b2b/admin/log_view.jsp en las ventas por Internet (crm.b2b), componente, o (3) ipc / admin log / . jsp o (4) los componentes del IPC / admin / log_view.jsp en la Administraci\u00f3n de aplicaciones (com.sap.ipc.webapp.ipc) .."}], "id": "CVE-2012-1289", "lastModified": "2017-08-29T01:31:15.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-02-23T20:07:25.860", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://dsecrg.com/pages/vul/show.php?id=412"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://dsecrg.com/pages/vul/show.php?id=413"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47861"}, {"source": "cve@mitre.org", "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52101"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73346"}, {"source": "cve@mitre.org", "url": "https://service.sap.com/sap/support/notes/1585527"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}