1. CVE-Search
  2. CVE-2013-6244
ID CVE-2013-6244
Summary The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp3:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp3:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.01:sr1:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.01:sr1:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.02:sp06:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.02:sp06:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.3:ehp1:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.3:ehp1:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.30:*:*:*:business_intelligence:*:*:*
    cpe:2.3:a:sap:netweaver:7.30:*:*:*:business_intelligence:*:*:*
  • cpe:2.3:a:sap:netweaver:7.30:sp04:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.30:sp04:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.31:*:*:*:business_intelligence:*:*:*
    cpe:2.3:a:sap:netweaver:7.31:*:*:*:business_intelligence:*:*:*
CVSS
Base: 5.0 (as of 31-10-2013 - 03:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 63302
confirm http://scn.sap.com/docs/DOC-8218
misc
osvdb 98892
secunia 55302
Last major update 31-10-2013 - 03:36
Published 24-10-2013 - 00:55
Last modified 31-10-2013 - 03:36
Back to Top