Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：333029）

Rule General Information


Release Date:		2021-03-26

Rule Name:		SAP GUI SAPBExCommonResources ActiveX Command Execution Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		A buffer overflow vulnerability has been reported in SAP GUI SAPBExCommonResources ActiveX control. The vulnerability is due to a design weakness in the Execute function of the ActiveX Object BExGlobal. This may allow remote attackers to execute arbitrary command by enticing the target user to open a maliciously crafted HTML document. In a successful attack scenario, where arbitrary code is injected and executed on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. If code execution is not successful, a denial of service condition may occur on the target system.

Impact:		An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.