ID
VAR-201310-0619
CVE
CVE-2013-6244
TITLE
SAP NetWeaver of Live Update webdynpro Vulnerability in application to read arbitrary files and directories
Trust: 0.8
DESCRIPTION
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. SAP NetWeaver is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Given the nature of this issue, attacker may also be able to cause a denial-of-service condition
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | lte | version: | 7.31 | Trust: 1.8 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.03 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 6.4 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.0 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.10 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.30 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 4.0 | Trust: 1.6 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.31 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Acknowledgments to Security Researchers | url: | http://scn.sap.com/docs/DOC-8218 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-6244 | Trust: 2.7 |
| db: | SECUNIA | id: | 55302 | Trust: 1.6 |
| db: | BID | id: | 63302 | Trust: 1.3 |
| db: | OSVDB | id: | 98892 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-004874 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201310-551 | Trust: 0.6 |
REFERENCES
| url: | http://en.securitylab.ru/lab/pt-2013-13 | Trust: 2.4 |
| url: | https://service.sap.com/sap/support/notes/1820894 | Trust: 1.6 |
| url: | http://secunia.com/advisories/55302 | Trust: 1.6 |
| url: | http://scn.sap.com/docs/doc-8218 | Trust: 1.6 |
| url: | http://www.securityfocus.com/bid/63302 | Trust: 1.0 |
| url: | http://osvdb.org/98892 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6244 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6244 | Trust: 0.8 |
| url: | https://www.sdn.sap.com/irj/sdn/webdynpro | Trust: 0.3 |
CREDITS
Arseny Reutov of Positive Technologies.
Trust: 0.3
SOURCES
| db: | BID | id: | 63302 |
| db: | JVNDB | id: | JVNDB-2013-004874 |
| db: | CNNVD | id: | CNNVD-201310-551 |
| db: | NVD | id: | CVE-2013-6244 |
LAST UPDATE DATE
2024-11-23T22:27:22.887000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 63302 | date: | 2013-12-31T00:19:00 |
| db: | JVNDB | id: | JVNDB-2013-004874 | date: | 2013-10-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-551 | date: | 2013-10-24T00:00:00 |
| db: | NVD | id: | CVE-2013-6244 | date: | 2024-11-21T01:58:55.037 |
SOURCES RELEASE DATE
| db: | BID | id: | 63302 | date: | 2013-10-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004874 | date: | 2013-10-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-551 | date: | 2013-10-24T00:00:00 |
| db: | NVD | id: | CVE-2013-6244 | date: | 2013-10-24T00:55:02.570 |