Lucene search

MitreCVE-2013-7361

HistoryApr 10, 2014 - 8:55 p.m.

CVE-2013-7361

2014-04-1020:55:05

CWE-22

mitre

web.nvd.nist.gov

sap

cms

cm services

directory traversal

vulnerability

arbitrary files

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

56.4%

JSON

Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node

sapcm_servicesMatch-

sapcms_servicesMatch-

VendorProductVersionCPE
sapcm_services-cpe:2.3:a:sap:cm_services:-:*:*:*:*:*:*:*
sapcms_services-cpe:2.3:a:sap:cms_services:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	cm_services	-	cpe:2.3:a:sap:cm_services:-:::::::*
sap	cms_services	-	cpe:2.3:a:sap:cms_services:-:::::::*

References

www.onapsis.com/get.php?resid=adv_onapsis-2013-008

www.onapsis.com/research-advisories.php

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

56.4%

JSON

Related for CVE-2013-7361