CVE-2010-5326

NVD Published Date: May 13, 2016 at 10:59 AM
NVD Last Modified: April 20, 2021 at 06:41 PM
Download Patch
Vulnerability ID
CVE-2010-5326
Severity
CRITICAL
Severity Score
10.0
Summary
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
References
Mitigation and Patches
-
Exploits
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID
NVD-CWE-noinfo

Recent Publish

CVE-2019-7609

KB5041592

KB5002619

CVE-2019-11510

CVE-2019-11708

KB5002642

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :