Vulnerability Details CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55620
- https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
- https://service.sap.com/sap/support/notes/1890819
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55620
- https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
- https://service.sap.com/sap/support/notes/1890819
Products affected by CVE-2013-6815
-
cpe:2.3:a:sap:netweaver:-
-
cpe:2.3:a:sap:netweaver:4.0
-
cpe:2.3:a:sap:netweaver:6.4
-
cpe:2.3:a:sap:netweaver:7.0
-
cpe:2.3:a:sap:netweaver:7.01
-
cpe:2.3:a:sap:netweaver:7.02
-
cpe:2.3:a:sap:netweaver:7.03
-
cpe:2.3:a:sap:netweaver:7.1
-
cpe:2.3:a:sap:netweaver:7.10
-
cpe:2.3:a:sap:netweaver:7.11
-
cpe:2.3:a:sap:netweaver:7.2
-
cpe:2.3:a:sap:netweaver:7.20
-
cpe:2.3:a:sap:netweaver:7.22ext
-
cpe:2.3:a:sap:netweaver:7.3
-
cpe:2.3:a:sap:netweaver:7.30
-
cpe:2.3:a:sap:netweaver:7.31
-
cpe:2.3:a:sap:netweaver:7.4
-
cpe:2.3:a:sap:netweaver:7.5