Lucene search

[email protected]CVE-2013-6816

HistoryNov 20, 2013 - 2:12 p.m.

CVE-2013-6816

2013-11-2014:12:30

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-6816

cross-site scripting

xss

sap netweaver

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

sapnetweaverMatch-

CPENameOperatorVersion
sap:netweaversap netweavereq-

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	-

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/55777

erpscan.io/advisories/erpscan-13-018-sap-netweaver-servlet-javadumpservice-multiple-xss/

erpscan.io/advisories/erpscan-13-019-sap-netweaver-servlet-datacollector-multiple-xss/

service.sap.com/sap/support/notes/1828801

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2013-6816

nvd1 cvelist1 prion1