Vulnerability Details : CVE-2013-7364
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-7364
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-7364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-7364
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7364
-
http://www.onapsis.com/research-advisories.php
Page Not Found | Onapsis
-
http://scn.sap.com/docs/DOC-8218
Acknowledgments to Security Researchers - Security and Identity Management - SCN Wiki
-
https://service.sap.com/sap/support/notes/1682613
-
http://www.onapsis.com/get.php?resid=adv_onapsis-2013-004
Page Not Found | Onapsis
-
http://archives.neohapsis.com/archives/bugtraq/2013-02/0133.html
Products affected by CVE-2013-7364
- cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*