CVE-2013-6814

{"id": "CVE-2013-6814", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-11-20T14:12:30.913", "references": [{"url": "http://scn.sap.com/docs/DOC-8218", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/55778", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/", "source": "cve@mitre.org"}, {"url": "https://service.sap.com/sap/support/notes/1854826", "source": "cve@mitre.org"}, {"url": "http://scn.sap.com/docs/DOC-8218", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55778", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://service.sap.com/sap/support/notes/1854826", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors."}, {"lang": "es", "value": "J2EE Engine en SAP NetWeaver 6.40, 7.02, y anteriores versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios para llevar a cabo ataques de phishing, y obtener informaci\u00f3n sensible (cookies y SAPPASSPORT) a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AFD395C-99B0-4AA2-AF4D-5D29076ED6E2", "versionEndIncluding": "7.02"}, {"criteria": "cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35F93E3-FC19-4A52-885A-AA2112CAF34D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}