var-201309-0329
Vulnerability from variot
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE". Some of the input passed to the "ABAD0_DELETE_DERIVATION_TABLE" function is not properly filtered before it is used in an SQL query, so a remote attacker can manipulate the query by injecting arbitrary SQL code. SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. The vulnerability stems from insufficient filtering of user-submitted data before the program constructs SQL query statements. Attackers can use this vulnerability to manipulate SQL query logic and perform unauthorized operations in the underlying database. SAP NetWeaver 7.30 is vulnerable; other versions may also be affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0329", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netweaver", "scope": "eq", "trust": 3.5, "vendor": "sap", "version": "7.30" } ], "sources": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "BID", "id": "62147" }, { "db": "JVNDB", "id": 
"JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-5723" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nikolay Mescherin of ERPScan", "sources": [ { "db": "BID", "id": "62147" }, { "db": "CNNVD", "id": "CNNVD-201309-065" } ], "trust": 0.9 }, "cve": "CVE-2013-5723", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-5723", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2013-12896", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "01277918-1f0d-11e6-abef-000c29c66e3d", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-5723", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2013-12896", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201309-171", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-5723", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { 
"db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "VULMON", "id": "CVE-2013-5723" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"ABAD0_DELETE_DERIVATION_TABLE.\". Because some of the input passed to the \\\"ABAD0_DELETE_DERIVATION_TABLE\\\" function fails to filter properly before using the SQL query, the remote attacker manipulates the SQL query by injecting arbitrary SQL code. SAP NetWeaver is a set of service-oriented integrated application platform of German SAP company. The platform provides a development and runtime environment for SAP applications. The vulnerability stems from insufficient filtering of user-submitted data before the program constructs SQL query statements. Attackers can use this vulnerability to manipulate SQL query logic to perform unauthorized operations in the underlying database. 
There are vulnerabilities in SAP NetWeaver 7.30, other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "BID", "id": "62147" }, { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "VULMON", "id": "CVE-2013-5723" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "62147", "trust": 2.6 }, { "db": "NVD", "id": "CVE-2013-5723", "trust": 2.5 }, { "db": "OSVDB", "id": "96900", "trust": 1.7 }, { "db": "SECUNIA", "id": "54702", "trust": 1.7 }, { "db": "SECTRACK", "id": "1029018", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2013-12896", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-004089", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201309-065", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201309-171", "trust": 0.6 }, { "db": "IVD", "id": "01277918-1F0D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2013-5723", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "VULMON", "id": "CVE-2013-5723" }, { "db": "BID", "id": "62147" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "id": "VAR-201309-0329", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" 
} ], "trust": 1.07111164 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" } ] }, "last_update_date": "2023-12-18T13:14:55.074000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Acknowledgments to Security Researchers (SAP Security Note 1840249)", "trust": 0.8, "url": "http://scn.sap.com/docs/doc-8218" }, { "title": "SAP NetWeaver \u0027ABAD0_DELETE_DERIVATION_TABLE\u0027 function SQL injection vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/39364" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://secunia.com/advisories/54702" }, { "trust": 1.7, "url": "http://osvdb.org/96900" }, { "trust": 1.7, "url": "http://scn.sap.com/docs/doc-8218" }, { "trust": 1.7, "url": 
"https://service.sap.com/sap/support/notes/1840249" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/62147" }, { "trust": 1.4, "url": "http://erpscan.com/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table/" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1029018" }, { "trust": 1.1, "url": "https://erpscan.io/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5723" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5723" }, { "trust": 0.6, "url": "http://www.securelist.com/en/advisories/54702" }, { "trust": 0.3, "url": "http://www.sap.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30800" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "VULMON", "id": "CVE-2013-5723" }, { "db": "BID", "id": "62147" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-12896" }, { "db": "VULMON", "id": "CVE-2013-5723" }, { "db": "BID", "id": "62147" }, { "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "db": "NVD", "id": "CVE-2013-5723" }, { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-09-09T00:00:00", "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "date": 
"2013-09-09T00:00:00", "db": "CNVD", "id": "CNVD-2013-12896" }, { "date": "2013-09-12T00:00:00", "db": "VULMON", "id": "CVE-2013-5723" }, { "date": "2013-08-20T00:00:00", "db": "BID", "id": "62147" }, { "date": "2013-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "date": "2013-09-12T13:31:15.587000", "db": "NVD", "id": "CVE-2013-5723" }, { "date": "2013-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-065" }, { "date": "2013-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-09-09T00:00:00", "db": "CNVD", "id": "CNVD-2013-12896" }, { "date": "2018-12-10T00:00:00", "db": "VULMON", "id": "CVE-2013-5723" }, { "date": "2013-08-20T00:00:00", "db": "BID", "id": "62147" }, { "date": "2013-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004089" }, { "date": "2018-12-10T19:29:00.903000", "db": "NVD", "id": "CVE-2013-5723" }, { "date": "2013-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-065" }, { "date": "2013-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-171" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAP NetWeaver \u2018 ABAD0_DELETE_DERIVATION_TABLE \u0027function SQL Injection vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "01277918-1f0d-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201309-065" }, { "db": "CNNVD", "id": "CNNVD-201309-171" } ], "trust": 1.4 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.