CVE-2013-3062 : The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control

The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

Published 2013-05-01 12:00:14

Updated 2014-03-07 13:39:13

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-3062

Probability of exploitation activity in the next 30 days: 0.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-3062

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-3062

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3062

http://scn.sap.com/docs/DOC-8218

Acknowledgments to Security Researchers - Security and Identity Management - SCN Wiki

CVEs referencing this url
https://service.sap.com/sap/support/notes/1537089
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/38-privilege-escalation-in-sap-production-planning-and-control

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control | by ESNC
http://archives.neohapsis.com/archives/bugtraq/2013-04/0178.html

Products affected by CVE-2013-3062

SAP » Production Planning And Control » Version: N/A
cpe:2.3:a:sap:production_planning_and_control:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-3062

Exploit prediction scoring system (EPSS) score for CVE-2013-3062

CVSS scores for CVE-2013-3062

CWE ids for CVE-2013-3062

References for CVE-2013-3062

Products affected by CVE-2013-3062