CVE-2012-1292

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://service.sap.com/sap/support/notes/1585527
http://www.securityfocus.com/bid/52101
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://dsecrg.com/pages/vul/show.php?id=416
http://secunia.com/advisories/47861	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*

Information

Published : 2012-02-23 12:07

Updated : 2012-02-26 21:00

NVD link : CVE-2012-1292

Mitre link : CVE-2012-1292

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

sap

netweaver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://service.sap.com/sap/support/notes/1585527", "name": "https://service.sap.com/sap/support/notes/1585527", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/52101", "name": "52101", "tags": [], "refsource": "BID"}, {"url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", "tags": [], "refsource": "CONFIRM"}, {"url": "http://dsecrg.com/pages/vul/show.php?id=416", "name": "http://dsecrg.com/pages/vul/show.php?id=416", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/47861", "name": "47861", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1292", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-02-23T20:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-02-27T05:00Z"}

5.0 /10