5

CVE-2013-6244

EPSS 0.72%
Veröffentlicht 24.10.2013 00:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Netweaver Version <= 7.31

SAP ≫ Netweaver Version4.0

SAP ≫ Netweaver Version6.4

SAP ≫ Netweaver Version7.0

SAP ≫ Netweaver Version7.01

SAP ≫ Netweaver Version7.02

SAP ≫ Netweaver Version7.03

SAP ≫ Netweaver Version7.10

SAP ≫ Netweaver Version7.30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.72%	0.701

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://scn.sap.com/docs/DOC-8218

http://en.securitylab.ru/lab/PT-2013-13

http://osvdb.org/98892

http://secunia.com/advisories/55302

Vendor Advisory

http://www.securityfocus.com/bid/63302

https://service.sap.com/sap/support/notes/1820894

https://nvd.nist.gov/vuln/detail/CVE-2013-6244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6244

EUVD