Vulnerability Details CVE-2015-8840
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://scn.sap.com/community/security/blog/2015/07/15/sap-security-notes-july-2015
- https://erpscan.io/advisories/erpscan-15-017-sap-netweaver-j2ee-das-service-unauthorized-access/
- http://scn.sap.com/community/security/blog/2015/07/15/sap-security-notes-july-2015
- https://erpscan.io/advisories/erpscan-15-017-sap-netweaver-j2ee-das-service-unauthorized-access/
Products affected by CVE-2015-8840
-
cpe:2.3:a:sap:netweaver_application_server_java:-