SAP NetWeaver SAPHostControl Service Command Injection Vulnerability
Severity: : High
Advisory Date: 21 lipca 2015
DESCRIPTION
A vulnerability has been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to missing input validation in SAPHostControl Service and can be exploited to inject arbitrary commands via the SOAP management interface.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005176
Trend Micro Deep Security DPI Rule Name: 1005176 - SAP NetWeaver SAPHostControl Service Command Injection Vulnerability
AFFECTED SOFTWARE AND VERSION:
- SAP NetWeaver