Details of VAR-201302-0418

ID

VAR-201302-0418

TITLE

SAP Xcelsius Dashboard Cross-Site Request Forgery Vulnerability

Trust: 1.4

sources: IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01303 // CNNVD: CNNVD-201302-544

DESCRIPTION

SAP Xcelsius Dashboard is a dynamic dashboard design tool from SAP. A cross-site request forgery vulnerability exists in SAP Xcelsius Dashboard. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible

Trust: 0.99

sources: CNVD: CNVD-2013-01303 // BID: 58117 // IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01303

AFFECTED PRODUCTS

vendor:	sap	model:	xcelsius dashboard	scope:	-	version:	-	Trust: 0.6
vendor:	sap	model:	xcelsius dashboard null	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01303

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	8bceaf88-1f34-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2

IVD:	8bceaf88-1f34-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-544

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201302-544

PATCH

title:

Patch for SAP Xcelsius Dashboard Cross-Site Request Forgery Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/32231

Trust: 0.6

sources: CNVD: CNVD-2013-01303

EXTERNAL IDS

db:	BID	id:	58117	Trust: 1.5
db:	CNVD	id:	CNVD-2013-01303	Trust: 0.8
db:	SECUNIA	id:	52278	Trust: 0.6
db:	CNNVD	id:	CNNVD-201302-544	Trust: 0.6
db:	IVD	id:	8BCEAF88-1F34-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 8bceaf88-1f34-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01303 // BID: 58117 // CNNVD: CNNVD-201302-544

REFERENCES

url:	http://secunia.com/advisories/52278/http	Trust: 0.6
url:	http://www.securityfocus.com/bid/58117	Trust: 0.6
url:	http://www.sap.com/	Trust: 0.3

sources: CNVD: CNVD-2013-01303 // BID: 58117 // CNNVD: CNNVD-201302-544

CREDITS

Alexey Tyurin, ERPScan

Trust: 0.9

sources: BID: 58117 // CNNVD: CNNVD-201302-544

SOURCES

db:	IVD	id:	8bceaf88-1f34-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-01303
db:	BID	id:	58117
db:	CNNVD	id:	CNNVD-201302-544

LAST UPDATE DATE

2022-05-17T01:55:58.274000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-01303	date:	2013-02-26T00:00:00
db:	BID	id:	58117	date:	2013-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201302-544	date:	2013-02-26T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	8bceaf88-1f34-11e6-abef-000c29c66e3d	date:	2013-02-26T00:00:00
db:	CNVD	id:	CNVD-2013-01303	date:	2013-02-26T00:00:00
db:	BID	id:	58117	date:	2013-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201302-544	date:	2013-02-26T00:00:00