5

CVE-2013-6244

EPSS 0.72%
Published 24.10.2013 00:55:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Netweaver Version <= 7.31

SAP ≫ Netweaver Version4.0

SAP ≫ Netweaver Version6.4

SAP ≫ Netweaver Version7.0

SAP ≫ Netweaver Version7.01

SAP ≫ Netweaver Version7.02

SAP ≫ Netweaver Version7.03

SAP ≫ Netweaver Version7.10

SAP ≫ Netweaver Version7.30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.72%	0.701

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://scn.sap.com/docs/DOC-8218

http://en.securitylab.ru/lab/PT-2013-13

http://osvdb.org/98892

http://secunia.com/advisories/55302

Vendor Advisory

http://www.securityfocus.com/bid/63302

https://service.sap.com/sap/support/notes/1820894

https://nvd.nist.gov/vuln/detail/CVE-2013-6244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6244

EUVD