| Title | SAP NetWeaver AS Java における情報漏えいに関する脆弱性 |
|---|---|
| Summary | SAP NetWeaver AS Java (HTTP Service) には、情報漏えいに関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | April 15, 2020, midnight |
| Registration Date | May 7, 2020, 3:02 p.m. |
| Last Update | May 7, 2020, 3:02 p.m. |
| CVSS3.0 : 警告 | |
| Score | 6.2 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N |
| CVSS2.0 : 注意 | |
| Score | 3.5 |
|---|---|
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
| SAP |
| SAP Netweaver Application Server Java 7.20 |
| SAP Netweaver Application Server Java 7.30 |
| SAP Netweaver Application Server Java 7.31 |
| SAP Netweaver Application Server Java 7.40 |
| SAP Netweaver Application Server Java 7.50 |
| SAP Netweaver Application Server Java 7.10 |
| SAP Netweaver Application Server Java 7.11 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2020年05月07日] 掲載 |
May 7, 2020, 3:02 p.m. |
| Summary | SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. |
|---|---|
| Publication Date | April 15, 2020, 4:15 a.m. |
| Registration Date | Jan. 26, 2021, noon |
| Last Update | Nov. 21, 2024, 2:35 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:* | |||||