← Retour aux CVEs
CVE-2010-5326
CRITICALCISA KEV10.0
Description
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
Details CVE
Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie5/13/2016
Derniere modification10/22/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurSAP
ProduitNetWeaver
Nom vulnerabiliteSAP NetWeaver Remote Code Execution Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
sap:netweaver_application_server_java
Faiblesses (CWE)
CWE-306
References
http://service.sap.com/sap/support/notes/1445998(cve@mitre.org)
http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions(cve@mitre.org)
http://www.securityfocus.com/bid/48925(cve@mitre.org)
http://www.securityfocus.com/bid/90533(cve@mitre.org)
http://www.us-cert.gov/ncas/alerts/TA16-132A(cve@mitre.org)
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications(cve@mitre.org)
http://service.sap.com/sap/support/notes/1445998(af854a3a-2127-422b-91ae-364da2661108)
http://www.onapsis.com/research/publications/sap-security-in-depth-vol4-the-invoker-servlet-a-dangerous-detour-into-sap-java-solutions(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/48925(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/90533(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/ncas/alerts/TA16-132A(af854a3a-2127-422b-91ae-364da2661108)
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-5326(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.