Sign-up

ID

VAR-201312-0500


TITLE

SAP Customer Relationship Management XML External entity vulnerability

Trust: 0.8

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15123

DESCRIPTION

SAP Customer Relationship Management is a customer relationship management solution. SAP Customer Relationship Management The SAP XML parser (/sap/crm/crm_flex_data) has an error in processing XML entities and no detailed vulnerability details are available

Trust: 0.72

sources: CNVD: CNVD-2013-15123 // IVD: e492c614-1ef7-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15123

AFFECTED PRODUCTS

vendor:sapmodel:customer relationship management ehpscope:eqversion:7.022

Trust: 0.8

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15123

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-15123
value: MEDIUM

Trust: 0.6

IVD: e492c614-1ef7-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-15123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e492c614-1ef7-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15123

TYPE

Design error

Trust: 0.2

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d

PATCH

title:Patch for SAP Customer Relationship Management XML External Entity Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/41734

Trust: 0.6

sources: CNVD: CNVD-2013-15123

EXTERNAL IDS

db:CNVDid:CNVD-2013-15123

Trust: 0.8

db:IVDid:E492C614-1EF7-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: e492c614-1ef7-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15123

REFERENCES

url:http://erpscan.com/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/

Trust: 0.6

sources: CNVD: CNVD-2013-15123

SOURCES

db:IVDid:e492c614-1ef7-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-15123

LAST UPDATE DATE

2022-05-17T01:43:23.753000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-15123date:2013-12-17T00:00:00

SOURCES RELEASE DATE

db:IVDid:e492c614-1ef7-11e6-abef-000c29c66e3ddate:2013-12-17T00:00:00
db:CNVDid:CNVD-2013-15123date:2013-12-17T00:00:00