CVE-2013-6814Improper Input Validation in SAP Netweaver

CWE-20Improper Input Validation3 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.3%
top 46.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver
Timeline
PublishedNov 20
Latest updateMay 14

Description

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDsap/netweaver7.02+1

🔴Vulnerability Details

2
GHSA
GHSA-wgwf-2ggj-35f4: The J2EE Engine in SAP NetWeaver 62022-05-14
CVEList
CVE-2013-6814: The J2EE Engine in SAP NetWeaver 62013-11-19
CVE-2013-6814 — Improper Input Validation in SAP | cvebase