CVE-2015-5067

Published: Jun 24, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

Affected (1)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	All versions

Related CWEs

CWE-255

References (12)

http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/75165

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials/

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials/

Source: cve@mitre.org

http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html