Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7364

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-7364
Last Modified 11 Apr 2014 01:16:02
Published 10 Apr 2014 04:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7364

Summary

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

Vulnerable Systems

Application

  • Sap Netweaver -


References

MISC - https://service.sap.com/sap/support/notes/1682613

MISC - http://www.onapsis.com/research-advisories.php

MISC - http://www.onapsis.com/get.php?resid=adv_onapsis-2013-004

CONFIRM - http://scn.sap.com/docs/DOC-8218

BUGTRAQ - 20130222 [Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access


Last Updated: 27 May 2016 11:04:54