CVE-2013-7364

Published: Apr 10, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

Affected (1)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	All versions

Related CWEs

CWE-264

References (10)

http://archives.neohapsis.com/archives/bugtraq/2013-02/0133.html

Source: cve@mitre.org

http://scn.sap.com/docs/DOC-8218

Source: cve@mitre.org

http://www.onapsis.com/get.php?resid=adv_onapsis-2013-004

Source: cve@mitre.org

http://www.onapsis.com/research-advisories.php

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1682613

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2013-02/0133.html