漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
Vulnerability Description
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
数据查询逻辑中特殊元素的不当中和
Vulnerability Title
SAP NetWeaver Enterprise Portal 安全漏洞
Vulnerability Description
SAP NetWeaver Enterprise Portal是德国思爱普(SAP)公司的一个 SAP NetWeaver的 Web 前端组件。 SAP NetWeaver Enterprise Portal存在安全漏洞,该漏洞源于未经验证的攻击者可注入JNDI环境属性或传递JNDI查找操作期间使用的URL,可能导致信息泄露或修改。
CVSS Information
N/A
Vulnerability Type
N/A