CVE-2013-6244

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://en.securitylab.ru/lab/PT-2013-13
http://osvdb.org/98892
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/55302 Vendor Advisory
http://www.securityfocus.com/bid/63302
https://service.sap.com/sap/support/notes/1820894
http://en.securitylab.ru/lab/PT-2013-13
http://osvdb.org/98892
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/55302 Vendor Advisory
http://www.securityfocus.com/bid/63302
https://service.sap.com/sap/support/notes/1820894
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
History

21 Nov 2024, 01:58

Type Values Removed Values Added
References () http://en.securitylab.ru/lab/PT-2013-13 - () http://en.securitylab.ru/lab/PT-2013-13 -
References () http://osvdb.org/98892 - () http://osvdb.org/98892 -
References () http://scn.sap.com/docs/DOC-8218 - () http://scn.sap.com/docs/DOC-8218 -
References () http://secunia.com/advisories/55302 - Vendor Advisory () http://secunia.com/advisories/55302 - Vendor Advisory
References () http://www.securityfocus.com/bid/63302 - () http://www.securityfocus.com/bid/63302 -
References () https://service.sap.com/sap/support/notes/1820894 - () https://service.sap.com/sap/support/notes/1820894 -
Information

Published : 2013-10-24 00:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-6244

Mitre link : CVE-2013-6244

CVE.ORG link : CVE-2013-6244

JSON object : View

Products Affected

sap

  • netweaver
CWE
NVD-CWE-noinfo