The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-04-08T00:00:00
Updated: 2024-08-06T08:29:22.013Z
Reserved: 2016-04-07T00:00:00
Link: CVE-2015-8840
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-04-08T00:59:00.120
Modified: 2024-11-21T02:39:17.827
Link: CVE-2015-8840
Redhat
No data.