cvelistv5 - CVE-2013-5751

CVE-2013-5751

Vulnerability from cvelistv5

Published

2013-09-16 19:00

Modified

2024-08-06 17:22

Severity ?

Summary

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://en.securitylab.ru/lab/PT-2012-24
cve@mitre.org	http://osvdb.org/97350
cve@mitre.org	http://scn.sap.com/docs/DOC-8218
cve@mitre.org	http://secunia.com/advisories/54809	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/62391
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/87121
cve@mitre.org	https://websmp230.sap-ag.de/sap/support/notes/1779578
af854a3a-2127-422b-91ae-364da2661108	http://en.securitylab.ru/lab/PT-2012-24
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/97350
af854a3a-2127-422b-91ae-364da2661108	http://scn.sap.com/docs/DOC-8218
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54809	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62391
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87121
af854a3a-2127-422b-91ae-364da2661108	https://websmp230.sap-ag.de/sap/support/notes/1779578

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:22:30.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54809",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54809"
          },
          {
            "name": "97350",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/97350"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://en.securitylab.ru/lab/PT-2012-24"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://scn.sap.com/docs/DOC-8218"
          },
          {
            "name": "62391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62391"
          },
          {
            "name": "sap-netweaver-unspecified-dir-traversal(87121)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54809",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54809"
        },
        {
          "name": "97350",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/97350"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://en.securitylab.ru/lab/PT-2012-24"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://scn.sap.com/docs/DOC-8218"
        },
        {
          "name": "62391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62391"
        },
        {
          "name": "sap-netweaver-unspecified-dir-traversal(87121)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5751",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54809",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54809"
            },
            {
              "name": "97350",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/97350"
            },
            {
              "name": "http://en.securitylab.ru/lab/PT-2012-24",
              "refsource": "MISC",
              "url": "http://en.securitylab.ru/lab/PT-2012-24"
            },
            {
              "name": "https://websmp230.sap-ag.de/sap/support/notes/1779578",
              "refsource": "MISC",
              "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
            },
            {
              "name": "http://scn.sap.com/docs/DOC-8218",
              "refsource": "CONFIRM",
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "62391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62391"
            },
            {
              "name": "sap-netweaver-unspecified-dir-traversal(87121)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5751",
    "datePublished": "2013-09-16T19:00:00",
    "dateReserved": "2013-09-16T00:00:00",
    "dateUpdated": "2024-08-06T17:22:30.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41FAC5DD-D577-47F9-B0CA-006032256642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FC1767F-10BD-468B-8D2B-538C82EB69B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D04DC424-129B-448D-994B-7AC5D9B64703\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABEE6BE3-556F-4A1E-8FA3-CD5E5C1D42E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*\", \"matchCriteriaId\": \"73914503-E9AA-4382-85FC-B0DD45ABDD77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2794A7DB-D5B8-467E-93F4-D65245FF187D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9805246-77E5-456C-B7CF-07CFF2F9F069\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"369D0212-65DA-4121-981B-1F07B7465F97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"606EFE4F-57A4-44E2-A98D-F0867A658218\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de recorrido de  directorios en SAP  NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a trav\\u00e9s de vectores no especificados\"}]",
      "id": "CVE-2013-5751",
      "lastModified": "2024-11-21T01:58:03.113",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-09-16T19:14:40.037",
      "references": "[{\"url\": \"http://en.securitylab.ru/lab/PT-2012-24\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/97350\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://scn.sap.com/docs/DOC-8218\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/54809\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/62391\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87121\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://websmp230.sap-ag.de/sap/support/notes/1779578\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://en.securitylab.ru/lab/PT-2012-24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/97350\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://scn.sap.com/docs/DOC-8218\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/54809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/62391\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://websmp230.sap-ag.de/sap/support/notes/1779578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5751\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-09-16T19:14:40.037\",\"lastModified\":\"2024-11-21T01:58:03.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de recorrido de  directorios en SAP  NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41FAC5DD-D577-47F9-B0CA-006032256642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FC1767F-10BD-468B-8D2B-538C82EB69B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D04DC424-129B-448D-994B-7AC5D9B64703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABEE6BE3-556F-4A1E-8FA3-CD5E5C1D42E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*\",\"matchCriteriaId\":\"73914503-E9AA-4382-85FC-B0DD45ABDD77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2794A7DB-D5B8-467E-93F4-D65245FF187D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9805246-77E5-456C-B7CF-07CFF2F9F069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"369D0212-65DA-4121-981B-1F07B7465F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"606EFE4F-57A4-44E2-A98D-F0867A658218\"}]}]}],\"references\":[{\"url\":\"http://en.securitylab.ru/lab/PT-2012-24\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/97350\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://scn.sap.com/docs/DOC-8218\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/54809\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/62391\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87121\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://websmp230.sap-ag.de/sap/support/notes/1779578\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://en.securitylab.ru/lab/PT-2012-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/97350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://scn.sap.com/docs/DOC-8218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/54809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/62391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://websmp230.sap-ag.de/sap/support/notes/1779578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2013-5751

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

Aliases

CVE-2013-5751

Aliases

CVE-2013-5751

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5751",
    "description": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.",
    "id": "GSD-2013-5751"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5751"
      ],
      "details": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.",
      "id": "GSD-2013-5751",
      "modified": "2023-12-13T01:22:22.143000Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-5751",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "54809",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/54809"
          },
          {
            "name": "97350",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/97350"
          },
          {
            "name": "http://en.securitylab.ru/lab/PT-2012-24",
            "refsource": "MISC",
            "url": "http://en.securitylab.ru/lab/PT-2012-24"
          },
          {
            "name": "https://websmp230.sap-ag.de/sap/support/notes/1779578",
            "refsource": "MISC",
            "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
          },
          {
            "name": "http://scn.sap.com/docs/DOC-8218",
            "refsource": "CONFIRM",
            "url": "http://scn.sap.com/docs/DOC-8218"
          },
          {
            "name": "62391",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/62391"
          },
          {
            "name": "sap-netweaver-unspecified-dir-traversal(87121)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5751"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://websmp230.sap-ag.de/sap/support/notes/1779578",
              "refsource": "MISC",
              "tags": [],
              "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
            },
            {
              "name": "http://scn.sap.com/docs/DOC-8218",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "54809",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/54809"
            },
            {
              "name": "http://en.securitylab.ru/lab/PT-2012-24",
              "refsource": "MISC",
              "tags": [],
              "url": "http://en.securitylab.ru/lab/PT-2012-24"
            },
            {
              "name": "62391",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/62391"
            },
            {
              "name": "97350",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/97350"
            },
            {
              "name": "sap-netweaver-unspecified-dir-traversal(87121)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2013-09-16T19:14Z"
    }
  }
}

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0338",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.03"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.x"
      },
      {
        "model": "netweaver sp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver sp06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver sr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver sp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver ehp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver ehp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "62391"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pavel Toporkov of Positive Technologies",
    "sources": [
      {
        "db": "BID",
        "id": "62391"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5751",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-5751",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5751",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-235",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the context of the application.            This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "BID",
        "id": "62391"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5751",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "54809",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "62391",
        "trust": 1.3
      },
      {
        "db": "OSVDB",
        "id": "97350",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "62391"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "id": "VAR-201309-0338",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.418644048
  },
  "last_update_date": "2023-12-18T13:57:50.152000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Acknowledgments to Security Researchers",
        "trust": 0.8,
        "url": "http://scn.sap.com/docs/doc-8218"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://en.securitylab.ru/lab/pt-2012-24"
      },
      {
        "trust": 1.6,
        "url": "http://scn.sap.com/docs/doc-8218"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/54809"
      },
      {
        "trust": 1.6,
        "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
      },
      {
        "trust": 1.0,
        "url": "http://osvdb.org/97350"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/62391"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5751"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5751"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "62391"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-13T00:00:00",
        "db": "BID",
        "id": "62391"
      },
      {
        "date": "2013-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "date": "2013-09-16T19:14:40.037000",
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T21:01:00",
        "db": "BID",
        "id": "62391"
      },
      {
        "date": "2013-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004189"
      },
      {
        "date": "2017-08-29T01:33:50.327000",
        "db": "NVD",
        "id": "CVE-2013-5751"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "62391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-235"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2013-5751

Vulnerability from fkie_nvd

Published

2013-09-16 19:14

Modified

2024-11-21 01:58

Severity ?

Summary

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://en.securitylab.ru/lab/PT-2012-24
cve@mitre.org	http://osvdb.org/97350
cve@mitre.org	http://scn.sap.com/docs/DOC-8218
cve@mitre.org	http://secunia.com/advisories/54809	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/62391
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/87121
cve@mitre.org	https://websmp230.sap-ag.de/sap/support/notes/1779578
af854a3a-2127-422b-91ae-364da2661108	http://en.securitylab.ru/lab/PT-2012-24
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/97350
af854a3a-2127-422b-91ae-364da2661108	http://scn.sap.com/docs/DOC-8218
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54809	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62391
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87121
af854a3a-2127-422b-91ae-364da2661108	https://websmp230.sap-ag.de/sap/support/notes/1779578

Impacted products

Vendor	Product	Version
sap	netweaver	7.0
sap	netweaver	7.0
sap	netweaver	7.0
sap	netweaver	7.0
sap	netweaver	7.0
sap	netweaver	7.01
sap	netweaver	7.02
sap	netweaver	7.03
sap	netweaver	7.10
sap	netweaver	7.30

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41FAC5DD-D577-47F9-B0CA-006032256642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*",
              "matchCriteriaId": "9FC1767F-10BD-468B-8D2B-538C82EB69B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*",
              "matchCriteriaId": "D04DC424-129B-448D-994B-7AC5D9B64703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*",
              "matchCriteriaId": "ABEE6BE3-556F-4A1E-8FA3-CD5E5C1D42E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "73914503-E9AA-4382-85FC-B0DD45ABDD77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2794A7DB-D5B8-467E-93F4-D65245FF187D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9805246-77E5-456C-B7CF-07CFF2F9F069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "369D0212-65DA-4121-981B-1F07B7465F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFFDB95-B956-4B22-81F4-A4074D49D4A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "606EFE4F-57A4-44E2-A98D-F0867A658218",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de recorrido de  directorios en SAP  NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados"
    }
  ],
  "id": "CVE-2013-5751",
  "lastModified": "2024-11-21T01:58:03.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-16T19:14:40.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://en.securitylab.ru/lab/PT-2012-24"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/97350"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://scn.sap.com/docs/DOC-8218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54809"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/62391"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://en.securitylab.ru/lab/PT-2012-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://scn.sap.com/docs/DOC-8218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mmcc-cm64-327w

Vulnerability from github

Published

2022-05-17 01:31

Modified

2022-05-17 01:31

Details

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-16T19:14:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.",
  "id": "GHSA-mmcc-cm64-327w",
  "modified": "2022-05-17T01:31:20Z",
  "published": "2022-05-17T01:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5751"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87121"
    },
    {
      "type": "WEB",
      "url": "https://websmp230.sap-ag.de/sap/support/notes/1779578"
    },
    {
      "type": "WEB",
      "url": "http://en.securitylab.ru/lab/PT-2012-24"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/97350"
    },
    {
      "type": "WEB",
      "url": "http://scn.sap.com/docs/DOC-8218"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/54809"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/62391"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5751

Vulnerability from cvelistv5

gsd-2013-5751

Vulnerability from gsd

var-201309-0338

Vulnerability from variot

fkie_cve-2013-5751

Vulnerability from fkie_nvd

ghsa-mmcc-cm64-327w

Vulnerability from github

Tags

Sightings

Nomenclature