Vulnerability Description
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Ha (Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardc (Third Party Advisory, VDB Entry)
- http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-20 (Vendor Advisory)
- http://www.securityfocus.com/bid/75165 (Third Party Advisory, VDB Entry)
- https://erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials
- https://erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials
FAQ
What is CVE-2015-5067?
CVE-2015-5067 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2...
How severe is CVE-2015-5067?
CVE-2015-5067 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5067?
Check the references section above for vendor advisories and patch information. Affected products include: SAP NetWeaver.