CVE-2013-3244

CVSS V2 Medium 6 CVSS V3 None

Description

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.

Overview

CVE ID
CVE-2013-3244

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2013-10-24T00:55:02

Last Modified Date
2013-10-25T15:18:40

Weakness Enumerations

CWE	URL
CWE-94	http://cwe.mitre.org/data/definitions/94.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:sap:erp_central_component:-:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6

Severity
MEDIUM

Exploitability Score
6.8

Impact Score
6.4

References

Reference URL	Reference Tags
https://service.sap.com/sap/support/notes/1776695
http://scn.sap.com/docs/DOC-8218
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/58-remote-code-injection-in-sap-erp-project-system.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2013-3244
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3244

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:40:34				Added to TrackCVE
2022-12-01 20:23:50	2013-10-24T00:55Z	2013-10-24T00:55:02	CVE Published Date	updated
2022-12-01 20:23:50		2013-10-25T15:18:40	CVE Modified Date	updated
2022-12-01 20:23:51		Analyzed	Vulnerability Status	updated