ID

VAR-201311-0361


CVE

CVE-2013-6815


TITLE

Denial-of-service (DoS) vulnerability in the ABAP application server of SAP NetWeaver

Trust: 0.8

sources: JVNDB: JVNDB-2013-005194

DESCRIPTION

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. A third party may be able to cause a service disruption (DoS). Exploiting these issues may allow a remote attacker to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. This may lead to further attacks.

Trust: 1.89

sources: NVD: CVE-2013-6815 // JVNDB: JVNDB-2013-005194 // BID: 63779

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: lte, version: 7.31

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.03

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 7.02

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 7.0

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 7.10

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 7.01

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 7.30

Trust: 1.6

vendor: sap, model: netweaver, scope: eq, version: 4.0

Trust: 1.0

vendor: sap, model: netweaver, scope: eq, version: 6.4

Trust: 1.0

vendor: sap, model: netweaver, scope: eq, version: 7.31

Trust: 0.6

sources: JVNDB: JVNDB-2013-005194 // CNNVD: CNNVD-201311-286 // NVD: CVE-2013-6815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6815
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6815
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-286
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-6815
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-005194 // CNNVD: CNNVD-201311-286 // NVD: CVE-2013-6815

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-005194 // NVD: CVE-2013-6815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-286

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-286

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005194

PATCH

title: Acknowledgments to Security Researchers, url: http://scn.sap.com/docs/DOC-8218

Trust: 0.8

sources: JVNDB: JVNDB-2013-005194

EXTERNAL IDS

db: NVD, id: CVE-2013-6815

Trust: 2.7

db: SECUNIA, id: 55620

Trust: 1.6

db: JVNDB, id: JVNDB-2013-005194

Trust: 0.8

db: CNNVD, id: CNNVD-201311-286

Trust: 0.6

db: BID, id: 63779

Trust: 0.3

sources: BID: 63779 // JVNDB: JVNDB-2013-005194 // CNNVD: CNNVD-201311-286 // NVD: CVE-2013-6815

REFERENCES

url:https://service.sap.com/sap/support/notes/1890819

Trust: 1.6

url:http://secunia.com/advisories/55620

Trust: 1.6

url:http://scn.sap.com/docs/doc-8218

Trust: 1.6

url:http://erpscan.com/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/

Trust: 1.4

url:https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6815

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6815

Trust: 0.8

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

sources: BID: 63779 // JVNDB: JVNDB-2013-005194 // CNNVD: CNNVD-201311-286 // NVD: CVE-2013-6815

CREDITS

Nikolay Mescherin, ERPScan

Trust: 0.3

sources: BID: 63779

SOURCES

db: BID, id: 63779
db: JVNDB, id: JVNDB-2013-005194
db: CNNVD, id: CNNVD-201311-286
db: NVD, id: CVE-2013-6815

LAST UPDATE DATE

2024-11-23T22:13:50.811000+00:00


SOURCES UPDATE DATE

db: BID, id: 63779, date: 2013-11-21T00:17:00
db: JVNDB, id: JVNDB-2013-005194, date: 2013-11-21T00:00:00
db: CNNVD, id: CNNVD-201311-286, date: 2013-11-22T00:00:00
db: NVD, id: CVE-2013-6815, date: 2024-11-21T01:59:45.610

SOURCES RELEASE DATE

db: BID, id: 63779, date: 2013-10-30T00:00:00
db: JVNDB, id: JVNDB-2013-005194, date: 2013-11-21T00:00:00
db: CNNVD, id: CNNVD-201311-286, date: 2013-11-22T00:00:00
db: NVD, id: CVE-2013-6815, date: 2013-11-20T14:12:30.913