Sign-up

ID

VAR-201308-0079


CVE

CVE-2013-3319


TITLE

SAP Netweaver of HostControl Service of GetComputerSystem Vulnerabilities that can capture important information in methods

Trust: 0.8

sources: JVNDB: JVNDB-2013-003761

DESCRIPTION

The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. SAP Netweaver is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. SAP Netweaver 7.03 and prior are vulnerable

Trust: 1.98

sources: NVD: CVE-2013-3319 // JVNDB: JVNDB-2013-003761 // BID: 61402 // VULMON: CVE-2013-3319

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.03

Trust: 2.7

sources: BID: 61402 // JVNDB: JVNDB-2013-003761 // CNNVD: CNNVD-201307-546 // NVD: CVE-2013-3319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3319
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3319
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-546
value: MEDIUM

Trust: 0.6

VULMON: CVE-2013-3319
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2013-3319 // JVNDB: JVNDB-2013-003761 // CNNVD: CNNVD-201307-546 // NVD: CVE-2013-3319

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2013-003761 // NVD: CVE-2013-3319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-546

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201307-546

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003761

PATCH
title:SAP Security Note 1816536url:http://scn.sap.com/docs/DOC-8218
Trust: 0.8
title: - url:https://github.com/khulnasoft-labs/awesome-security 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-3319 // 
            
            
            
            JVNDB: JVNDB-2013-003761

EXTERNAL IDS
db:NVDid:CVE-2013-3319
Trust: 2.8
db:SECUNIAid:54277
Trust: 1.7
db:BIDid:61402
Trust: 1.0
db:JVNDBid:JVNDB-2013-003761
Trust: 0.8
db:XFid:85905
Trust: 0.6
db:XFid:20133319
Trust: 0.6
db:CNNVDid:CNNVD-201307-546
Trust: 0.6
db:VULMONid:CVE-2013-3319
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-3319 // 
            
            
            
            BID: 61402 // 
            
            
            
            JVNDB: JVNDB-2013-003761 // 
            
            
            
            CNNVD: CNNVD-201307-546 // 
            
            
            
            NVD: CVE-2013-3319

REFERENCES
url:http://labs.integrity.pt/advisories/cve-2013-3319/
Trust: 2.8
url:http://scn.sap.com/docs/doc-8218
Trust: 1.7
url:https://service.sap.com/sap/support/notes/1816536
Trust: 1.7
url:http://secunia.com/advisories/54277
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85905
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3319
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3319
Trust: 0.8
url:http://www.securityfocus.com/bid/61402
Trust: 0.7
url:http://xforce.iss.net/xforce/xfdb/85905
Trust: 0.6
url:http://www.sap.com/platform/netweaver/index.epx
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem
Trust: 0.1
url:https://github.com/khulnasoft-labs/awesome-security
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-3319 // 
            
            
            
            BID: 61402 // 
            
            
            
            JVNDB: JVNDB-2013-003761 // 
            
            
            
            CNNVD: CNNVD-201307-546 // 
            
            
            
            NVD: CVE-2013-3319

CREDITS
Bruno Morisson
Trust: 0.9
sources:
            
            
            BID: 61402 // 
            
            
            
            CNNVD: CNNVD-201307-546

SOURCES
db:VULMONid:CVE-2013-3319
db:BIDid:61402
db:JVNDBid:JVNDB-2013-003761
db:CNNVDid:CNNVD-201307-546
db:NVDid:CVE-2013-3319

LAST UPDATE DATE
2024-08-14T15:03:41.259000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2013-3319date:2017-08-29T00:00:00
db:BIDid:61402date:2013-07-09T00:00:00
db:JVNDBid:JVNDB-2013-003761date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201307-546date:2013-08-19T00:00:00
db:NVDid:CVE-2013-3319date:2017-08-29T01:33:22.793

SOURCES RELEASE DATE
db:VULMONid:CVE-2013-3319date:2013-08-16T00:00:00
db:BIDid:61402date:2013-07-09T00:00:00
db:JVNDBid:JVNDB-2013-003761date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201307-546date:2013-07-09T00:00:00
db:NVDid:CVE-2013-3319date:2013-08-16T17:55:05.050