SID 1:50002

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER SAP NetWeaver Gateway arbitrary command execution attempt

Rule Explanation

This event is generated when an external client attempts to invoke the SAPXPG_START_XPG remote function call. Impact: Attempted User Privilege Gain Details: This rule looks for external clients attempting to invoke the SAPXPG_START_XPG remote function call against the Gateway. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

This rule will alert on *any* attempt to invoke this remote function call from the $EXTERNAL_NET.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

www.us-cert.gov/ncas/alerts/AA19-122A

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None