Lucene search

[email protected]CVE-2013-6814

HistoryNov 20, 2013 - 2:12 p.m.

CVE-2013-6814

2013-11-2014:12:30

CWE-20

[email protected]

web.nvd.nist.gov

sap netweaver

j2ee engine

cve-2013-6814

remote attack

phishing

sensitive information

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

Affected configurations

NVD

Node

sapnetweaverRange≤7.02

sapnetweaverMatch6.4

CPENameOperatorVersion
sap:netweaversap netweaverle7.02
sap:netweaversap netweavereq6.4

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	le	7.02
sap:netweaver	sap netweaver	eq	6.4

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/55778

erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/

service.sap.com/sap/support/notes/1854826

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2013-6814

cvelist1 prion1 nvd1