CVE-2010-5326: SAP NetWeaver Remote Code Execution Vulnerability
First published: Fri May 13 2016(Updated: )
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | <=7.30 | |
| SAP NetWeaver | ||
| <=7.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
- http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions
- http://www.us-cert.gov/ncas/alerts/TA16-132A
- http://www.securityfocus.com/bid/48925
- http://service.sap.com/sap/support/notes/1445998
- http://www.securityfocus.com/bid/90533
- https://nvd.nist.gov/vuln/detail/CVE-2010-5326
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/title
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/nvd-api
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.30
- canonical/sap netweaver