Vulnerability Details : CVE-2015-5067
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
Products affected by CVE-2015-5067
- cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5067
1.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5067
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-5067
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5067
-
http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015
Page not found | SAP BlogsVendor Advisory
-
https://erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials/
[ERPSCAN-15-015] SAP NetWeaver - Hardcoded Credentials
-
https://erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials/
[ERPSCAN-15-016] SAP NetWeaver - Hardcoded credentials
-
http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html
SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials ≈ Packet StormThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75165
SAP NetWeaver CVE-2015-5067 Hardcoded Credentials Multiple Local Security Bypass VulnerabilitiesThird Party Advisory;VDB Entry
Jump to