Lucene search

[email protected]CVE-2013-7094

HistoryDec 13, 2013 - 8:08 p.m.

CVE-2013-7094

2013-12-1320:08:40

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-7094

sql injection

sap netweaver 7.30

vulnerability

nvd

remote execution

sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

sapnetweaverMatch7.30

CPENameOperatorVersion
sap:netweaversap netweavereq7.30

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.30

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/56061

www.securityfocus.com/bid/64232

erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/

exchange.xforce.ibmcloud.com/vulnerabilities/89603

service.sap.com/sap/support/notes/1836718

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2013-7094

prion1 nvd1 cvelist1