The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
References
Link | Resource |
---|---|
http://scn.sap.com/community/security/blog/2015/07/15/sap-security-notes-july-2015 | Broken Link |
https://erpscan.io/advisories/erpscan-15-017-sap-netweaver-j2ee-das-service-unauthorized-access/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-04-08T00:00:00
Updated: 2018-12-10T17:57:01
Reserved: 2016-04-07T00:00:00
Link: CVE-2015-8840
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-04-08T00:59:00.120
Modified: 2021-04-20T18:37:45.997
Link: CVE-2015-8840
JSON object: View
Redhat Information
No data.
CWE