CVE-2010-5326
- Reference to the description:
- Description:
- The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
- Last updated date:
- 04/20/2021
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 04/20/2021
- Reference url to background
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/23/2021
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog