Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
Vulnerability Description
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SAP NetWeaver Application Server 代码注入漏洞
Vulnerability Description
SAP NetWeaver Application Server是德国思爱普(SAP)公司的一款应用程序服务器。 SAP NetWeaver Application Server存在代码注入漏洞,该漏洞源于未正确限制远程函数调用,允许认证攻击者暴露远程服务凭证并完全控制该服务。
CVSS Information
N/A
Vulnerability Type
N/A