Lucene search

[email protected]NVD:CVE-2013-6814

HistoryNov 20, 2013 - 2:12 p.m.

CVE-2013-6814

2013-11-2014:12:30

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

Affected configurations

Nvd

Node

sapnetweaverRange≤7.02

sapnetweaverMatch6.4

VendorProductVersionCPE
sapnetweaver*cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*
sapnetweaver6.4cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver	*	cpe:2.3:a:sap:netweaver::::::::
sap	netweaver	6.4	cpe:2.3:a:sap:netweaver:6.4:::::::*

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/55778

erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/

service.sap.com/sap/support/notes/1854826

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

Related for NVD:CVE-2013-6814

prion1 cve1 cvelist1