Vulnerability Description
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver | <= 7.02 |
Related Weaknesses (CWE)
References
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55778Vendor Advisory
- https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/
- https://service.sap.com/sap/support/notes/1854826
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55778Vendor Advisory
- https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/
- https://service.sap.com/sap/support/notes/1854826
FAQ
What is CVE-2013-6814?
CVE-2013-6814 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPA...
How severe is CVE-2013-6814?
CVE-2013-6814 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6814?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver.