Details of VAR-201311-0365

ID

VAR-201311-0365

CVE

CVE-2013-6819

TITLE

SAP NetWeaver of Performance Provider Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005198

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 1.89

sources: NVD: CVE-2013-6819 // JVNDB: JVNDB-2013-005198 // BID: 58614

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	netweaver	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-005198 // CNNVD: CNNVD-201311-290 // NVD: CVE-2013-6819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6819
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6819
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201311-290
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-6819
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-005198 // CNNVD: CNNVD-201311-290 // NVD: CVE-2013-6819

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-005198 // NVD: CVE-2013-6819

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201311-290 // CNNVD: CNNVD-201303-524

TYPE

XSS

Trust: 1.2

sources: CNNVD: CNNVD-201311-290 // CNNVD: CNNVD-201303-524

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005198

PATCH

title:

Acknowledgments to Security Researchers

url:

http://scn.sap.com/docs/DOC-8218

Trust: 0.8

sources: JVNDB: JVNDB-2013-005198

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6819	Trust: 2.7
db:	BID	id:	58614	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-005198	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-290	Trust: 0.6
db:	CNNVD	id:	CNNVD-201303-524	Trust: 0.6

sources: BID: 58614 // JVNDB: JVNDB-2013-005198 // CNNVD: CNNVD-201311-290 // CNNVD: CNNVD-201303-524 // NVD: CVE-2013-6819

REFERENCES

url:	https://service.sap.com/sap/support/notes/1784894	Trust: 1.6
url:	http://scn.sap.com/docs/doc-8218	Trust: 1.6
url:	http://erpscan.com/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/	Trust: 1.4
url:	https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6819	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6819	Trust: 0.8
url:	http://www.securityfocus.com/bid/58614	Trust: 0.6
url:	http://www.sap.com/	Trust: 0.3

sources: BID: 58614 // JVNDB: JVNDB-2013-005198 // CNNVD: CNNVD-201311-290 // CNNVD: CNNVD-201303-524 // NVD: CVE-2013-6819

CREDITS

Dmitry Chastukhin (ERPScan)

Trust: 0.9

sources: BID: 58614 // CNNVD: CNNVD-201303-524

SOURCES

db:	BID	id:	58614
db:	JVNDB	id:	JVNDB-2013-005198
db:	CNNVD	id:	CNNVD-201311-290
db:	CNNVD	id:	CNNVD-201303-524
db:	NVD	id:	CVE-2013-6819

LAST UPDATE DATE

2024-11-23T22:59:42.731000+00:00

SOURCES UPDATE DATE

db:	BID	id:	58614	date:	2013-11-21T01:09:00
db:	JVNDB	id:	JVNDB-2013-005198	date:	2013-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201311-290	date:	2013-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201303-524	date:	2013-03-26T00:00:00
db:	NVD	id:	CVE-2013-6819	date:	2024-11-21T01:59:46.160

SOURCES RELEASE DATE

db:	BID	id:	58614	date:	2013-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2013-005198	date:	2013-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201311-290	date:	2013-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201303-524	date:	2013-03-26T00:00:00
db:	NVD	id:	CVE-2013-6819	date:	2013-11-20T14:12:30.977