CVE-2013-6244

Sažetak

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Reference

http://en.securitylab.ru/lab/PT-2013-13
http://osvdb.org/98892
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/55302
http://www.securityfocus.com/bid/63302
https://service.sap.com/sap/support/notes/1820894

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

31-10-2013 - 03:36

Objavljeno

24-10-2013 - 00:55