CVE-2010-5326 - SAP NetWeaver Remote Code Execution Vulnerability

SAP | NetWeaver

• Date Added:
• 2021-11-03

• Due Date:
• 2022-05-03

Vulnerability Name

SAP NetWeaver Remote Code Execution Vulnerability

Description

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2010-5326

Latest Security News

Healthcare Sector Charts 2 More Ransomware Attacks

Google blocked 2.36 million risky Android apps from Play Store in 2024

Ransomware attack disrupts New York blood donation giant

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

DeepSeek exposes database with over 1 million chat records

New Jailbreaks Allow Users to Manipulate GitHub Copilot

The Advantages of Cloud-Based Remote Desktop versus RDP over VPN

Major GitHub outage affects pull requests and other services

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

CVE-2010-5326 SAP NetWeaver Remote Code Execution Vulnerability

CVE-2015-0071 Microsoft Internet Explorer ASLR Bypass Vulnerability

CVE-2015-2360 Microsoft Win32k Privilege Escalation Vulnerability

Common CWEs

CWE-1338 Improper Protections Against Hardware Overheating

CWE-295 Improper Certificate Validation

CWE-543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context

HighCWE-268 Privilege Chaining

CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

CWE-1125 Excessive Attack Surface

CWE-576 EJB Bad Practices: Use of Java I/O

CWE-1294 Insecure Security Identifier Mechanism

CWE-685 Function Call With Incorrect Number of Arguments