Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
Vulnerability Description
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
数据查询逻辑中特殊元素的不当中和
Vulnerability Title
SAP NetWeaver Enterprise Portal 安全漏洞
Vulnerability Description
SAP NetWeaver Enterprise Portal是德国思爱普(SAP)公司的一个 SAP NetWeaver的 Web 前端组件。 SAP NetWeaver Enterprise Portal存在安全漏洞,该漏洞源于未经验证的攻击者可注入JNDI环境属性或传递JNDI查找操作期间使用的URL,可能导致信息泄露或修改。
CVSS Information
N/A
Vulnerability Type
N/A