CVE-2013-6244

Опубликовано: 24 окт. 2013

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~~slm~~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*

Версия до 7.31 (включая)

cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00718

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4pw3-339g-qhfm

github

больше 3 лет назад

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.