漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
Vulnerability Description
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用单一因素认证机制
Vulnerability Title
SAP NetWeaver ABAP Server和SAP ABAP Platform 安全漏洞
Vulnerability Description
SAP NetWeaver ABAP Server和SAP ABAP Platform都是德国思爱普(SAP)公司的产品。SAP NetWeaver ABAP Server是一个用作 SAP 产品的 Web 应用程序服务器。SAP ABAP Platform是一个基于 ABAP 的 SAP 解决方案。 SAP NetWeaver ABAP Server和SAP ABAP Platform存在安全漏洞,该漏洞源于未验证攻击者可利用从缺失特定补丁的系统提取的HMAC凭据进行重放攻击,可能导致完全系统破解。
CVSS Information
N/A
Vulnerability Type
N/A