Details of VAR-201404-0303

ID

VAR-201404-0303

CVE

CVE-2013-7365

TITLE

SAP Enterprise portal cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2013-006311 // CNNVD: CNNVD-201404-133

DESCRIPTION

Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 1.89

sources: NVD: CVE-2013-7365 // JVNDB: JVNDB-2013-006311 // BID: 58155

AFFECTED PRODUCTS

vendor:	sap	model:	enterprise portal	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	enterprise portal	scope:	-	version:	-	Trust: 0.8
vendor:	sap	model:	enterprise portal	scope:	eq	version:	0	Trust: 0.3

sources: BID: 58155 // JVNDB: JVNDB-2013-006311 // CNNVD: CNNVD-201404-133 // NVD: CVE-2013-7365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7365
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-7365
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-133
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-7365
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-006311 // CNNVD: CNNVD-201404-133 // NVD: CVE-2013-7365

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-006311 // NVD: CVE-2013-7365

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201303-102 // CNNVD: CNNVD-201404-133

TYPE

XSS

Trust: 1.2

sources: CNNVD: CNNVD-201303-102 // CNNVD: CNNVD-201404-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006311

PATCH

title:

SAP Security Note 1589716

url:

http://scn.sap.com/docs/DOC-8218

Trust: 0.8

sources: JVNDB: JVNDB-2013-006311

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7365	Trust: 2.7
db:	BID	id:	58155	Trust: 1.9
db:	JVNDB	id:	JVNDB-2013-006311	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-102	Trust: 0.6
db:	BUGTRAQ	id:	20130222 [ONAPSIS SECURITY ADVISORY 2013-003] SAP ENTERPRISE PORTAL CROSS-SITE-SCRIPTING	Trust: 0.6
db:	CNNVD	id:	CNNVD-201404-133	Trust: 0.6

sources: BID: 58155 // JVNDB: JVNDB-2013-006311 // CNNVD: CNNVD-201303-102 // CNNVD: CNNVD-201404-133 // NVD: CVE-2013-7365

REFERENCES

url:	http://www.onapsis.com/research-advisories.php	Trust: 2.4
url:	http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003	Trust: 2.4
url:	http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html	Trust: 2.4
url:	http://www.securityfocus.com/bid/58155	Trust: 1.6
url:	https://service.sap.com/sap/support/notes/1589716	Trust: 1.6
url:	http://scn.sap.com/docs/doc-8218	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7365	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7365	Trust: 0.8

sources: JVNDB: JVNDB-2013-006311 // CNNVD: CNNVD-201303-102 // CNNVD: CNNVD-201404-133 // NVD: CVE-2013-7365

CREDITS

Jordan Santarsieri

Trust: 0.9

sources: BID: 58155 // CNNVD: CNNVD-201303-102

SOURCES

db:	BID	id:	58155
db:	JVNDB	id:	JVNDB-2013-006311
db:	CNNVD	id:	CNNVD-201303-102
db:	CNNVD	id:	CNNVD-201404-133
db:	NVD	id:	CVE-2013-7365

LAST UPDATE DATE

2024-11-23T22:13:44.461000+00:00

SOURCES UPDATE DATE

db:	BID	id:	58155	date:	2014-04-28T00:42:00
db:	JVNDB	id:	JVNDB-2013-006311	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-102	date:	2013-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201404-133	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2013-7365	date:	2024-11-21T02:00:50.843

SOURCES RELEASE DATE

db:	BID	id:	58155	date:	2013-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-006311	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201303-102	date:	2013-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201404-133	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2013-7365	date:	2014-04-10T20:55:06.197