ID

VAR-201311-0368


CVE

CVE-2013-6822


TITLE

SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities

Trust: 0.9

sources: BID: 58095 // CNNVD: CNNVD-201302-484

DESCRIPTION

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. GRMGApp in SAP NetWeaver contains unspecified vulnerabilities. Successful exploits may allow an attacker to obtain sensitive information or bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.

Trust: 1.89

sources: NVD: CVE-2013-6822 // JVNDB: JVNDB-2013-005201 // BID: 58095

AFFECTED PRODUCTS

vendor: sap // model: netweaver // scope: eq // version: -

Trust: 1.6

vendor: sap // model: netweaver // scope: - // version: -

Trust: 0.8

vendor: sap // model: netweaver // scope: eq // version: 7.30

Trust: 0.3

vendor: sap // model: netweaver // scope: eq // version: 7.10

Trust: 0.3

vendor: sap // model: netweaver // scope: eq // version: 7.02

Trust: 0.3

vendor: sap // model: netweaver // scope: eq // version: 7.01

Trust: 0.3

vendor: sap // model: netweaver // scope: eq // version: 7.0

Trust: 0.3

sources: BID: 58095 // JVNDB: JVNDB-2013-005201 // CNNVD: CNNVD-201311-293 // NVD: CVE-2013-6822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6822
value: HIGH

Trust: 1.0

NVD: CVE-2013-6822
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201311-293
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2013-6822
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-005201 // CNNVD: CNNVD-201311-293 // NVD: CVE-2013-6822

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-6822

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201311-293 // CNNVD: CNNVD-201302-484

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201311-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005201

PATCH

title: Acknowledgments to Security Researchers // url: http://scn.sap.com/docs/DOC-8218

Trust: 0.8

sources: JVNDB: JVNDB-2013-005201

EXTERNAL IDS

db: NVD // id: CVE-2013-6822

Trust: 2.7

db: BID // id: 58095

Trust: 0.9

db: JVNDB // id: JVNDB-2013-005201

Trust: 0.8

db: CNNVD // id: CNNVD-201311-293

Trust: 0.6

db: CNNVD // id: CNNVD-201302-484

Trust: 0.6

sources: BID: 58095 // JVNDB: JVNDB-2013-005201 // CNNVD: CNNVD-201311-293 // CNNVD: CNNVD-201302-484 // NVD: CVE-2013-6822

REFERENCES

url:http://scn.sap.com/docs/doc-8218

Trust: 1.6

url:http://erpscan.com/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass/

Trust: 1.4

url:https://erpscan.io/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass/

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6822

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6822

Trust: 0.8

url:http://www.securityfocus.com/bid/58095

Trust: 0.6

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

sources: BID: 58095 // JVNDB: JVNDB-2013-005201 // CNNVD: CNNVD-201311-293 // CNNVD: CNNVD-201302-484 // NVD: CVE-2013-6822

CREDITS

Dmitry Chastukhin of ERPScan

Trust: 0.9

sources: BID: 58095 // CNNVD: CNNVD-201302-484

SOURCES

db: BID // id: 58095
db: JVNDB // id: JVNDB-2013-005201
db: CNNVD // id: CNNVD-201311-293
db: CNNVD // id: CNNVD-201302-484
db: NVD // id: CVE-2013-6822

LAST UPDATE DATE

2024-11-23T22:18:43.361000+00:00


SOURCES UPDATE DATE

db: BID // id: 58095 // date: 2013-11-25T01:04:00
db: JVNDB // id: JVNDB-2013-005201 // date: 2013-11-21T00:00:00
db: CNNVD // id: CNNVD-201311-293 // date: 2013-11-22T00:00:00
db: CNNVD // id: CNNVD-201302-484 // date: 2013-02-26T00:00:00
db: NVD // id: CVE-2013-6822 // date: 2024-11-21T01:59:46.570

SOURCES RELEASE DATE

db: BID // id: 58095 // date: 2013-01-28T00:00:00
db: JVNDB // id: JVNDB-2013-005201 // date: 2013-11-21T00:00:00
db: CNNVD // id: CNNVD-201311-293 // date: 2013-11-22T00:00:00
db: CNNVD // id: CNNVD-201302-484 // date: 2013-01-28T00:00:00
db: NVD // id: CVE-2013-6822 // date: 2013-11-20T14:12:31.023