Details of VAR-201404-0365

ID

VAR-201404-0365

CVE

CVE-2013-7367

TITLE

SAP Enterprise Portal Information Disclosure Vulnerability

Trust: 1.7

sources: IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01428 // BID: 58156 // CNNVD: CNNVD-201303-101

DESCRIPTION

SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. An information disclosure vulnerability exists in SAP Enterprise Portal. Attackers can exploit vulnerabilities to obtain sensitive information that may be helpful in further attacks

Trust: 2.61

sources: NVD: CVE-2013-7367 // JVNDB: JVNDB-2013-006313 // CNVD: CNVD-2013-01428 // BID: 58156 // IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01428

AFFECTED PRODUCTS

vendor:	sap	model:	enterprise portal	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	enterprise portal	scope:	eq	version:	0	Trust: 0.9
vendor:	sap	model:	enterprise portal	scope:	-	version:	-	Trust: 0.8
vendor:	portal	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01428 // BID: 58156 // JVNDB: JVNDB-2013-006313 // CNNVD: CNNVD-201404-135 // NVD: CVE-2013-7367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7367
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7367
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201404-135
value:	HIGH
Trust: 0.6
IVD:	1bfc58f0-1f33-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2013-7367
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	1bfc58f0-1f33-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-006313 // CNNVD: CNNVD-201404-135 // NVD: CVE-2013-7367

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2013-006313 // NVD: CVE-2013-7367

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201404-135 // CNNVD: CNNVD-201303-101

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201404-135

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006313

PATCH

title:	SAP Security Note 1658947	url:	http://scn.sap.com/docs/DOC-8218	Trust: 0.8
title:	Patch for SAP Enterprise Portal Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/32571	Trust: 0.6

sources: CNVD: CNVD-2013-01428 // JVNDB: JVNDB-2013-006313

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7367	Trust: 2.9
db:	BID	id:	58156	Trust: 1.5
db:	CNVD	id:	CNVD-2013-01428	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-135	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-006313	Trust: 0.8
db:	BUGTRAQ	id:	20130222 [ONAPSIS SECURITY ADVISORY 2013-001] SAP PORTAL PDC INFORMATION DISCLOSURE	Trust: 0.6
db:	CNNVD	id:	CNNVD-201303-101	Trust: 0.6
db:	IVD	id:	1BFC58F0-1F33-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 1bfc58f0-1f33-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01428 // BID: 58156 // JVNDB: JVNDB-2013-006313 // CNNVD: CNNVD-201404-135 // CNNVD: CNNVD-201303-101 // NVD: CVE-2013-7367

REFERENCES

url:	http://www.onapsis.com/research-advisories.php	Trust: 2.4
url:	http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001	Trust: 2.4
url:	http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html	Trust: 2.4
url:	https://service.sap.com/sap/support/notes/1658947	Trust: 1.6
url:	http://scn.sap.com/docs/doc-8218	Trust: 1.6
url:	http://www.securityfocus.com/bid/58156	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7367	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7367	Trust: 0.8

sources: CNVD: CNVD-2013-01428 // JVNDB: JVNDB-2013-006313 // CNNVD: CNNVD-201404-135 // CNNVD: CNNVD-201303-101 // NVD: CVE-2013-7367

CREDITS

Mariano Nunez

Trust: 0.9

sources: BID: 58156 // CNNVD: CNNVD-201303-101

SOURCES

db:	IVD	id:	1bfc58f0-1f33-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-01428
db:	BID	id:	58156
db:	JVNDB	id:	JVNDB-2013-006313
db:	CNNVD	id:	CNNVD-201404-135
db:	CNNVD	id:	CNNVD-201303-101
db:	NVD	id:	CVE-2013-7367

LAST UPDATE DATE

2024-11-23T22:52:52.817000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-01428	date:	2013-05-28T00:00:00
db:	BID	id:	58156	date:	2014-06-30T00:05:00
db:	JVNDB	id:	JVNDB-2013-006313	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-135	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201303-101	date:	2013-03-07T00:00:00
db:	NVD	id:	CVE-2013-7367	date:	2024-11-21T02:00:51.153

SOURCES RELEASE DATE

db:	IVD	id:	1bfc58f0-1f33-11e6-abef-000c29c66e3d	date:	2013-03-05T00:00:00
db:	CNVD	id:	CNVD-2013-01428	date:	2013-03-05T00:00:00
db:	BID	id:	58156	date:	2013-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-006313	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-135	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201303-101	date:	2013-02-21T00:00:00
db:	NVD	id:	CVE-2013-7367	date:	2014-04-10T20:55:06.257