Vulnerability Details CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v2 Score 5.8
References
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55778
- https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/
- https://service.sap.com/sap/support/notes/1854826
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55778
- https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/
- https://service.sap.com/sap/support/notes/1854826
Products affected by CVE-2013-6814
-
cpe:2.3:a:sap:netweaver:-
-
cpe:2.3:a:sap:netweaver:4.0
-
cpe:2.3:a:sap:netweaver:6.4
-
cpe:2.3:a:sap:netweaver:7.0
-
cpe:2.3:a:sap:netweaver:7.01
-
cpe:2.3:a:sap:netweaver:7.02
-
cpe:2.3:a:sap:netweaver:7.1
-
cpe:2.3:a:sap:netweaver:7.2